CVSS2: 9.3 High
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS: 0.013 Low
Percentile: 85.8%
CentOS Errata and Security Advisory CESA-2009:0019-01
Hanterm is a replacement for xterm, an X Window System terminal emulator,
that supports Hangul input and output.
A flaw was found in the Hanterm handling of Device Control Request Status
String (DECRQSS) escape sequences. An attacker could create a malicious
text file (or log entry, if unfiltered) that could run arbitrary commands
if read by a victim inside a Hanterm window. (CVE-2008-2383)
All hanterm-xf users are advised to upgrade to the updated package, which
contains a backported patch to resolve this issue. All running instances of
hanterm must be restarted for the update to take effect.
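
The advisory's mention of unfiltered log entries points at a display-side check for untrusted text. As an added example (not from the advisory or the hanterm patch), this Python code flags DCS strings, including DECRQSS requests (DCS `$ q` ... ST), and rewrites control characters as visible `\xNN` text before the data reaches a terminal. The function names and the sample line are constructed, and input is assumed to be already decoded to `str`.

```python
import re

# DCS opens with 7-bit "ESC P" or 8-bit C1 U+0090 and ends at ST
# ("ESC \" or U+009C); an unterminated string runs to end of input.
DCS_RE = re.compile(r"(?:\x1bP|\x90)(.*?)(?:\x1b\\|\x9c|\Z)", re.DOTALL)


def find_dcs(text: str):
    """Return (offset, is_decrqss, body) for every DCS string in text."""
    hits = []
    for m in DCS_RE.finditer(text):
        body = m.group(1)
        # DECRQSS is the DCS string whose body starts with "$q".
        hits.append((m.start(), body.startswith("$q"), body))
    return hits


def neutralize(text: str) -> str:
    """Rewrite C0/C1 controls and DEL (except tab, newline) as \\xNN text."""
    def visible(ch: str) -> str:
        cp = ord(ch)
        is_ctrl = cp < 0x20 or 0x7F <= cp <= 0x9F
        return f"\\x{cp:02x}" if is_ctrl and ch not in "\t\n" else ch
    return "".join(visible(c) for c in text)


# Constructed sample log: line 2 embeds a DECRQSS request for SGR ("m");
# line 3 is ordinary Hangul text that must pass through unchanged.
SAMPLE = "GET /index.html 200\nGET /a\x1bP$qm\x1b\\b 404\n한글 ok\n"

if __name__ == "__main__":
    for offset, is_decrqss, body in find_dcs(SAMPLE):
        kind = "DECRQSS" if is_decrqss else "DCS"
        print(f"offset {offset}: {kind} body={body!r}")
    print(neutralize(SAMPLE), end="")
```

Run `find_dcs` to alert on suspicious files or log lines, and pass anything untrusted through `neutralize` before printing it to a terminal.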
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2009-February/077734.html
Affected packages:
hanterm-xf
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
CentOS | 2 | i386 | hanterm-xf | < 2.0.5-5.AS21.2 | hanterm-xf-2.0.5-5.AS21.2.i386.rpm |