Gentoo: 200303-1 Moderate: Eterm Escape Sequence Risk Exploit
gentoo
March 3, 2003
Many of the features supported by popular terminal emulator software can be abused when un-trusted data is displayed on the screen.
Summary
- --------------------------------------------------------------------- GENTOO LINUX SECURITY ANNOUNCEMENT 200303-1 - ---------------------------------------------------------------------
- ---------------------------------------------------------------------
From advisory:
"Many of the features supported by popular terminal emulator software can be abused when un-trusted data is displayed on the screen. The impact of this abuse can range from annoying screen garbage to a complete system compromise. All of the issues below are actually documented features, anyone who takes the time to read over the man pages or source code could use them to carry out an attack."
Read the full advisory at: http://marc.theaimsgroup.com/?l=bugtraq&m=104612710031920&w=2
SOLUTION
It is recommended that all Gentoo Linux users who are running x11-terms/eterm upgrade to eterm-0.9.2-r3 as follows:
emerge sync emerge -u eterm emerge clean
...Read the Full Advisory
Topics Covered
Resolution
References
Availability
style>.gentoo_availability{display:block;}
Concerns
PREVIOUS
NEXT
PACKAGE : eterm
SUMMARY : dangerous interception of escape sequences
DATE : 2003-03-03 10:13 UTC
EXPLOIT : remote
VERSIONS AFFECTED : <0.9.2 : fixed version>0.9.2
CVE : CAN-2003-0021 CAN-2003-0068
Topics Covered
Background
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Affected Packages
Impact
Workaround
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!