ID USN-962-1 Type ubuntu Reporter Ubuntu Modified 2010-07-15T00:00:00
Description
Janne Snabb discovered that applications using VTE, such as gnome-terminal, did not correctly filter window and icon title request escape codes. If a user were tricked into viewing specially crafted output in their terminal, a remote attacker could execute arbitrary commands with user privileges.
{"history": [], "description": "Janne Snabb discovered that applications using VTE, such as gnome-terminal, did not correctly filter window and icon title request escape codes. If a user were tricked into viewing specially crafted output in their terminal, a remote attacker could execute arbitrary commands with user privileges.", "affectedPackage": [{"OSVersion": "9.04", "OS": "Ubuntu", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "libvte9", "packageVersion": "1:0.20.0-0ubuntu2.1"}, {"OSVersion": "9.10", "OS": "Ubuntu", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "libvte9", "packageVersion": "1:0.22.2-0ubuntu2.1"}, {"OSVersion": "10.04", "OS": "Ubuntu", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "libvte9", "packageVersion": "1:0.23.5-0ubuntu1.1"}], "reporter": "Ubuntu", "href": "https://usn.ubuntu.com/962-1/", "type": "ubuntu", "hashmap": [{"key": "affectedPackage", "hash": "9e8f72b11361aa64e7671b0bd6c4da56"}, {"key": "bulletinFamily", "hash": "4913a9178621eadcdf191db17915fbcb"}, {"key": "cvelist", "hash": "f4141c1efb317bab4c6952653dccacc2"}, {"key": "cvss", "hash": "737e2591b537c46d1ca7ce6f0cea5cb9"}, {"key": "description", "hash": "2534c4455d293c8c25a6021ee3a854e1"}, {"key": "href", "hash": "f131bbddc1df030eb2f44bd659afe6e3"}, {"key": "modified", "hash": "bf5f17cdbfc4cc9c81f25254cc8ddbdf"}, {"key": "published", "hash": "bf5f17cdbfc4cc9c81f25254cc8ddbdf"}, {"key": "references", "hash": "3995933089ccdddd3d16f78a1cc0b986"}, {"key": "reporter", "hash": "3d945423f8e9496c429a5d8c65b4604f"}, {"key": "title", "hash": "9b3955372621455801edd7f7bcacafbf"}, {"key": "type", "hash": "1d41c853af58d3a7ae54990ce29417d8"}], "viewCount": 0, "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2010-2713"], "lastseen": "2018-03-29T18:20:30", "published": "2010-07-15T00:00:00", "objectVersion": "1.3", "cvelist": ["CVE-2010-2713"], "id": "USN-962-1", "hash": "d56964b250c26e9bcb33c0af1be0ee84910df6787e47aeb8f5b808ab0a59ea06", "modified": "2010-07-15T00:00:00", "title": "VTE vulnerability", "edition": 1, "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "bulletinFamily": "unix", "enchantments": {"vulnersScore": 10.0}}
{"result": {"cve": [{"id": "CVE-2010-2713", "type": "cve", "title": "CVE-2010-2713", "description": "The vte_sequence_handler_window_manipulation function in vteseq.c in libvte (aka libvte9) in VTE 0.25.1 and earlier, as used in gnome-terminal, does not properly handle escape sequences, which allows remote attackers to execute arbitrary commands or obtain potentially sensitive information via a (1) window title or (2) icon title sequence. NOTE: this issue exists because of a CVE-2003-0070 regression.", "published": "2010-08-05T14:17:57", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2713", "cvelist": ["CVE-2010-2713"], "lastseen": "2016-09-03T14:08:59"}], "openvas": [{"id": "OPENVAS:136141256231067710", "type": "openvas", "title": "FreeBSD Ports: vte", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "published": "2010-07-22T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=136141256231067710", "cvelist": ["CVE-2010-2713"], "lastseen": "2018-01-08T12:54:01"}, {"id": "OPENVAS:840460", "type": "openvas", "title": "Ubuntu Update for vte vulnerability USN-962-1", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-962-1", "published": "2010-07-16T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=840460", "cvelist": ["CVE-2010-2713"], "lastseen": "2017-12-04T11:17:57"}, {"id": "OPENVAS:1361412562310840460", "type": "openvas", "title": "Ubuntu Update for vte vulnerability USN-962-1", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-962-1", "published": "2010-07-16T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840460", "cvelist": ["CVE-2010-2713"], "lastseen": "2018-01-17T11:05:34"}, {"id": "OPENVAS:67710", "type": "openvas", "title": "FreeBSD Ports: vte", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "published": "2010-07-22T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=67710", "cvelist": ["CVE-2010-2713"], "lastseen": "2017-07-02T21:09:56"}, {"id": "OPENVAS:1361412562310831137", "type": "openvas", "title": "Mandriva Update for vte MDVSA-2010:161 (vte)", "description": "Check for the Version of vte", "published": "2010-08-30T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310831137", "cvelist": ["CVE-2010-2713", "CVE-2003-0070"], "lastseen": "2018-01-02T10:54:38"}, {"id": "OPENVAS:831137", "type": "openvas", "title": "Mandriva Update for vte MDVSA-2010:161 (vte)", "description": "Check for the Version of vte", "published": "2010-08-30T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=831137", "cvelist": ["CVE-2010-2713", "CVE-2003-0070"], "lastseen": "2017-12-12T11:11:08"}, {"id": "OPENVAS:1361412562310121296", "type": "openvas", "title": "Gentoo Linux Local Check: https://security.gentoo.org/glsa/201412-10", "description": "Gentoo Linux Local Security Checks https://security.gentoo.org/glsa/201412-10", "published": "2015-09-29T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310121296", "cvelist": ["CVE-2011-2198", "CVE-2010-3314", "CVE-2012-2738", "CVE-2010-2713", "CVE-2012-1620", "CVE-2012-3448", "CVE-2008-4776", "CVE-2012-0808", "CVE-2010-3313", "CVE-2012-0807", "CVE-2011-0765"], "lastseen": "2018-04-09T11:27:17"}], "nessus": [{"id": "MANDRIVA_MDVSA-2010-161.NASL", "type": "nessus", "title": "Mandriva Linux Security Advisory : vte (MDVSA-2010:161)", "description": "A vulnerability has been found and corrected in vte :\n\nThe vte_sequence_handler_window_manipulation function in vteseq.c in libvte (aka libvte9) in VTE 0.25.1 and earlier, as used in gnome-terminal, does not properly handle escape sequences, which allows remote attackers to execute arbitrary commands or obtain potentially sensitive information via a (1) window title or (2) icon title sequence. NOTE: this issue exists because of a CVE-2003-0070 regression (CVE-2010-2713).\n\nThe updated packages have been patched to correct this issue.", "published": "2010-08-25T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=48428", "cvelist": ["CVE-2010-2713"], "lastseen": "2017-10-29T13:38:50"}, {"id": "SUSE_11_3_VTE-100716.NASL", "type": "nessus", "title": "openSUSE Security Update : vte (openSUSE-SU-2010:0404-1)", "description": "VTE was vulnerable to an old title set+query attack which could be used by remote attackers to execute arbitrary code (CVE-2010-2713).", "published": "2014-06-13T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=75770", "cvelist": ["CVE-2010-2713"], "lastseen": "2017-10-29T13:37:19"}, {"id": "SUSE_11_VTE-100715.NASL", "type": "nessus", "title": "SuSE 11.1 Security Update : vte, vte-debuginfo, vte-debugsource, vte-devel, vte-doc, vte-lang (SAT Patch Number 2718)", "description": "This update fixes a vulnerability of VTE to an old title set and query attack which could be used by remote attackers to execute arbitrary code. (CVE-2010-2713)", "published": "2011-01-21T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=51634", "cvelist": ["CVE-2010-2713"], "lastseen": "2017-10-29T13:41:48"}, {"id": "FREEBSD_PKG_9A8FECEF92C011DFB1400015F2DB7BDE.NASL", "type": "nessus", "title": "FreeBSD : vte -- Classic terminal title set+query attack (9a8fecef-92c0-11df-b140-0015f2db7bde)", "description": "Kees Cook reports :\n\nJanne Snabb discovered that applications using VTE, such as gnome-terminal, did not correctly filter window and icon title request escape codes. If a user were tricked into viewing specially crafted output in their terminal, a remote attacker could execute arbitrary commands with user privileges.", "published": "2010-07-19T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=47752", "cvelist": ["CVE-2010-2713"], "lastseen": "2017-10-29T13:39:37"}, {"id": "SUSE_11_2_VTE-100716.NASL", "type": "nessus", "title": "openSUSE Security Update : vte (openSUSE-SU-2010:0404-1)", "description": "VTE was vulnerable to an old title set+query attack which could be used by remote attackers to execute arbitrary code (CVE-2010-2713).", "published": "2010-07-21T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=47776", "cvelist": ["CVE-2010-2713"], "lastseen": "2017-10-29T13:42:06"}, {"id": "UBUNTU_USN-962-1.NASL", "type": "nessus", "title": "Ubuntu 9.04 / 9.10 / 10.04 LTS : vte vulnerability (USN-962-1)", "description": "Janne Snabb discovered that applications using VTE, such as gnome-terminal, did not correctly filter window and icon title request escape codes. If a user were tricked into viewing specially crafted output in their terminal, a remote attacker could execute arbitrary commands with user privileges.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2010-07-16T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=47742", "cvelist": ["CVE-2010-2713", "CVE-2003-0070"], "lastseen": "2017-10-29T13:43:14"}, {"id": "GENTOO_GLSA-201412-10.NASL", "type": "nessus", "title": "GLSA-201412-10 : Multiple packages, Multiple vulnerabilities fixed in 2012", "description": "The remote host is affected by the vulnerability described in GLSA-201412-10 (Multiple packages, Multiple vulnerabilities fixed in 2012)\n\n Vulnerabilities have been discovered in the packages listed below.\n Please review the CVE identifiers in the Reference section for details.\n EGroupware VTE Layer Four Traceroute (LFT) Suhosin Slock Ganglia Jabber to GaduGadu Gateway Impact :\n\n A context-dependent attacker may be able to gain escalated privileges, execute arbitrary code, cause Denial of Service, obtain sensitive information, or otherwise bypass security restrictions.\n Workaround :\n\n There is no known workaround at this time.", "published": "2014-12-15T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=79963", "cvelist": ["CVE-2011-2198", "CVE-2010-3314", "CVE-2012-2738", "CVE-2010-2713", "CVE-2012-1620", "CVE-2012-3448", "CVE-2008-4776", "CVE-2012-0808", "CVE-2010-3313", "CVE-2012-0807", "CVE-2011-0765"], "lastseen": "2017-10-29T13:45:19"}], "freebsd": [{"id": "9A8FECEF-92C0-11DF-B140-0015F2DB7BDE", "type": "freebsd", "title": "vte -- Classic terminal title set+query attack", "description": "\nKees Cook reports:\n\nJanne Snabb discovered that applications using VTE, such as\n\t gnome-terminal, did not correctly filter window and icon title\n\t request escape codes. If a user were tricked into viewing\n\t specially crafted output in their terminal, a remote attacker\n\t could execute arbitrary commands with user privileges.\n\n", "published": "2010-07-15T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://vuxml.freebsd.org/freebsd/9a8fecef-92c0-11df-b140-0015f2db7bde.html", "cvelist": ["CVE-2010-2713"], "lastseen": "2016-09-26T17:24:48"}], "gentoo": [{"id": "GLSA-201412-10", "type": "gentoo", "title": "Multiple packages, Multiple vulnerabilities fixed in 2012", "description": "### Background\n\nFor more information on the packages listed in this GLSA, please see their homepage referenced in the ebuild. \n\n### Description\n\nVulnerabilities have been discovered in the packages listed below. Please review the CVE identifiers in the Reference section for details. \n\n * EGroupware\n * VTE\n * Layer Four Traceroute (LFT)\n * Suhosin\n * Slock\n * Ganglia\n * Jabber to GaduGadu Gateway\n\n### Impact\n\nA context-dependent attacker may be able to gain escalated privileges, execute arbitrary code, cause Denial of Service, obtain sensitive information, or otherwise bypass security restrictions. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll EGroupware users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=www-apps/egroupware-1.8.004.20120613\"\n \n\nAll VTE 0.32 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=x11-libs/vte-0.32.2\"\n \n\nAll VTE 0.28 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=x11-libs/vte-0.28.2-r204\"\n \n\nAll Layer Four Traceroute users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-analyzer/lft-3.33\"\n \n\nAll Suhosin users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-php/suhosin-0.9.33\"\n \n\nAll Slock users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=x11-misc/slock-1.0\"\n \n\nAll Ganglia users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=sys-cluster/ganglia-3.3.7\"\n \n\nAll Jabber to GaduGadu Gateway users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-im/gg-transport-2.2.4\"\n \n\nNOTE: This is a legacy GLSA. Updates for all affected architectures have been available since 2013. It is likely that your system is already no longer affected by these issues.", "published": "2014-12-11T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://security.gentoo.org/glsa/201412-10", "cvelist": ["CVE-2011-2198", "CVE-2010-3314", "CVE-2012-2738", "CVE-2010-2713", "CVE-2012-1620", "CVE-2012-3448", "CVE-2008-4776", "CVE-2012-0808", "CVE-2010-3313", "CVE-2012-0807", "CVE-2011-0765"], "lastseen": "2016-09-06T19:47:02"}]}}
