iTerm2 with tmux integration is vulnerable to remote command execution

Overview

iTerm2, up to and including version 3.3.5, with tmux integration is vulnerable to remote command execution.

Description

iTerm2 is a popular terminal emulator for macOS that supports terminal multiplexing using tmux integration and is frequently used by developers and system administrators. A vulnerability, identified as CVE-2019-9535, exists in the way that iTerm2 integrates with tmux’s control mode, which may allow an attacker to execute arbitrary commands by providing malicious output to the terminal. This affects versions of iTerm2 up to and including 3.3.5.

---

Impact

This vulnerability may allow an attacker to execute arbitrary commands on their victim’s computer by providing malicious output to the terminal. It could be exploited using command-line utilities that print attacker-controlled content. Potential attack vectors include connecting via ssh to a malicious server, using curl to fetch a malicious website, or using tail -f to follow a logfile containing some malicious content.

---

Solution

Apply an update

Update iTerm2 to version 3.3.6, which includes mitigations against exploitation of this vulnerability. The latest version is available as an update within the program itself, or can be downloaded here. As the tmux integration cannot be disabled through configuration, a complete resolution is not yet available. We recommend that users of tmux integration follow the best practices outlined by iTerm2.

---

Vendor Information

763073

Filter by status: All Affected Not Affected Unknown

Filter by content: __ Additional information available

__ Sort by: Status Alphabetical

Expand all

Javascript is disabled. Click here to view vendors.

iTerm 2 Affected

Updated: October 08, 2019

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

CVSS Metrics

Group	Score	Vector
Base	9.3	AV:N/AC:M/Au:N/C:C/I:C/A:C
Temporal	7.3	E:POC/RL:OF/RC:C
Environmental	1.8	CDP:ND/TD:L/CR:ND/IR:ND/AR:ND

References

• <https://www.iterm2.com/downloads.html&gt;
• <https://github.com/gnachman/iTerm2/commit/538d570ea54614d3a2b5724f820953d717fbeb&gt;
• <https://blog.mozilla.org/security/2019/10/09/iterm2-critical-issue-moss-audit/&gt;
• <https://www.iterm2.com/documentation-tmux-integration.html&gt;
• <https://gitlab.com/gnachman/iterm2/wikis/tmux-Integration-Best-Practices&gt;
• <https://radicallyopensecurity.com/&gt;

Acknowledgements

Thanks to Stefan Grönke and Fabian Freyer of Radically Open Security for finding this vulnerability, the Mozilla Open Source Support (MOSS) project for supporting the audit, and George Nachman of iTerm2 for developing the fix, and all parties for coordinating this vulnerability.

This document was written by Madison Oliver.

Other Information

CVE IDs:	CVE-2019-9535
Date Public:	2019-10-09 Date First Published: