[Bug 464884] New: xterm vulnerable to CVE-2008-2383
https://bugzilla.novell.com/show_bug.cgi?id=464884 Summary: xterm vulnerable to CVE-2008-2383 Product: openSUSE 11.0 Version: Final Platform: x86-64 OS/Version: openSUSE 11.0 Status: NEW Severity: Major Priority: P5 - None Component: X11 Applications AssignedTo: bnc-team-screening@forge.provo.novell.com ReportedBy: R.Vickers@cs.rhul.ac.uk QAContact: sndirsch@novell.com Found By: --- One of my users pointed out that SuSE 11.0 has the bug recently reported in Debian Linux. A user running xterm can be induced to execute hostile commands by, for example, displaying an email message. Demonstrate with perl -e 'print "\eP\$q\nwhoami\n\e\\"' > bla.log cat bla.log executes whoami command. See http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510030 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=464884 Cyril Hrubis <chrubis@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- AssignedTo|bnc-team-screening@forge.provo.novell.com |meissner@novell.com -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=464884 User meissner@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=464884#c1 Marcus Meissner <meissner@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |DUPLICATE --- Comment #1 from Marcus Meissner <meissner@novell.com> 2009-01-09 09:28:17 MST --- yes, thanks for the report. updates are in preparation. *** This bug has been marked as a duplicate of bug 462917 *** https://bugzilla.novell.com/show_bug.cgi?id=462917 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com