CVE-2003-0070 regression
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| vte (Ubuntu) |
Fix Released
|
Medium
|
Unassigned | ||
| Jaunty |
Fix Released
|
Medium
|
Unassigned | ||
| Karmic |
Fix Released
|
Medium
|
Unassigned | ||
| Lucid |
Fix Released
|
Medium
|
Unassigned | ||
| Maverick |
Fix Released
|
Medium
|
Unassigned | ||
Bug Description
Received by the security team:
Hello,
I was testing several different terminal emulators for an old
well-known vulnerability.
I noticed that gnome-terminal which is installed as the default
terminal emulator application on Ubuntu 9.10 Netbook Edition is
vulnerable to the old terminal title set+query attack. This
vulnerability comes from the VTE library being used. I assume that
other Ubuntu versions are vulnerable as well.
Users who display data from untrusted sources within a terminal
window are exposed. This can happen for example by using "cat"
command to display a file from an untrusted source or by using "tail
-f" to monitor system log files.
See the following URLs for more details:
http://
http://
http://
http://
This is a funny bug. It has existed "forever" (since early 90's at
least) and been fixed multiple times, but it re-surfaces always
again somewhere after a couple of years have passed.
Please note that setting the terminal title is a desired feature,
but querying it with an escape code should be disabled by default
to prevent exploitation.
| Marc Deslauriers (mdeslaur) wrote | #1 |
| Changed in vte (Ubuntu Jaunty): | |
| status: | New → Confirmed |
| Changed in vte (Ubuntu Karmic): | |
| status: | New → Confirmed |
| Changed in vte (Ubuntu Lucid): | |
| status: | New → Confirmed |
| Changed in vte (Ubuntu Maverick): | |
| status: | New → Confirmed |
| Changed in vte (Ubuntu Jaunty): | |
| importance: | Undecided → Medium |
| Changed in vte (Ubuntu Karmic): | |
| importance: | Undecided → Medium |
| Changed in vte (Ubuntu Lucid): | |
| importance: | Undecided → Medium |
| Changed in vte (Ubuntu Maverick): | |
| importance: | Undecided → Medium |
| Marc Deslauriers (mdeslaur) wrote | #2 |
| Changed in vte (Ubuntu Lucid): | |
| status: | Confirmed → Fix Released |
| Changed in vte (Ubuntu Jaunty): | |
| status: | Confirmed → Fix Released |
| Changed in vte (Ubuntu Karmic): | |
| status: | Confirmed → Fix Released |
| Jamie Strandboge (jdstrand) wrote | #3 |
| Changed in vte (Ubuntu Maverick): | |
| status: | Confirmed → Fix Released |
| visibility: | private → public |
CRD is 2010-07-15