gnome-terminal allows arbitrary command execution when viewing files containing crafted escape sequences

2003-02-27T00:00:00
ID VU:230561
Type cert
Reporter CERT
Modified 2003-02-27T00:00:00

Description

Overview

gnome-terminal may allow a remote attacker to execute arbitrary commands via crafted escape sequences.

Description

gnome-terminal affords users the ability to utilize an escape sequence to "export" the title of the current window title directly to the shell command line. By viewing a maliciously crafted file in gnome-terminal, a victim may unknowingly execute shell commands (provided by the attacker).

This vulnerability was discovered by H D Moore of Digital Defense. H D has provided a paper on this topic (TERMINAL EMULATOR SECURITY ISSUES), and Red Hat has published RHSA-2003:053-10. Both of these documents provide more information about this vulnerability.


Impact

A remote attacker may be able to execute arbitrary commands on a vulnerable host.


Solution

Apply a patch.


Systems Affected

Vendor| Status| Date Notified| Date Updated
---|---|---|---
Red Hat Inc.| | -| 27 Feb 2003
If you are a vendor and your product is affected, let us know.

CVSS Metrics

Group | Score | Vector
---|---|---
Base | N/A | N/A
Temporal | N/A | N/A
Environmental | N/A | N/A

References

  • <http://www.digitaldefense.net/labs/papers/Termulation.txt>
  • <https://rhn.redhat.com/errata/RHSA-2003-053.html>

Credit

This vulnerability was discovered by H D Moore of Digital Defense. The CERT/CC thanks both H D Moore and Red Hat for providing information upon which this document is based.

This document was written by Ian A Finlay.

Other Information

  • CVE IDs: CAN-2003-0070
  • Date Public: 24 Feb 2003
  • Date First Published: 27 Feb 2003
  • Date Last Updated: 27 Feb 2003
  • Severity Metric: 4.86
  • Document Revision: 5