CVE-2003-0070 regression
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
vte (Ubuntu) |
Fix Released
|
Medium
|
Unassigned | ||
Jaunty |
Fix Released
|
Medium
|
Unassigned | ||
Karmic |
Fix Released
|
Medium
|
Unassigned | ||
Lucid |
Fix Released
|
Medium
|
Unassigned | ||
Maverick |
Fix Released
|
Medium
|
Unassigned |
Bug Description
Received by the security team:
Hello,
I was testing several different terminal emulators for an old
well-known vulnerability.
I noticed that gnome-terminal which is installed as the default
terminal emulator application on Ubuntu 9.10 Netbook Edition is
vulnerable to the old terminal title set+query attack. This
vulnerability comes from the VTE library being used. I assume that
other Ubuntu versions are vulnerable as well.
Users who display data from untrusted sources within a terminal
window are exposed. This can happen for example by using "cat"
command to display a file from an untrusted source or by using "tail
-f" to monitor system log files.
See the following URLs for more details:
http://
http://
http://
http://
This is a funny bug. It has existed "forever" (since early 90's at
least) and been fixed multiple times, but it re-surfaces always
again somewhere after a couple of years have passed.
Please note that setting the terminal title is a desired feature,
but querying it with an escape code should be disabled by default
to prevent exploitation.
Changed in vte (Ubuntu Lucid): | |
status: | Confirmed → Fix Released |
Changed in vte (Ubuntu Jaunty): | |
status: | Confirmed → Fix Released |
Changed in vte (Ubuntu Karmic): | |
status: | Confirmed → Fix Released |
CRD is 2010-07-15