English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  


Synopsis:          Updated rxvt packages fix various vulnerabilites
Advisory ID:       RHSA-2003:055-09
Issue date:        2003-02-06
Updated on:        2003-03-11
Product:           Red Hat Advanced Products
Keywords:          trojan escape reporting rxvt
Cross references:=20=20
Obsoletes:=20=20=20=20=20=20=20=20=20
CVE Names:         CAN-2003-0022 CAN-2003-0023 CAN-2003-0006
---------------------------------------------------------------------

1. Topic:

Updated rxvt packages are available which fix a number of vulnerabilities
in the handling of escape sequences.

2. Relevant releases/architectures:

Red Hat Linux Advanced Server 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64

3. Problem description:

Rxvt is a color VT102 terminal emulator for the X Window System.  A number
of issues have been found in the escape sequence handling of Rxvt.
These could be potentially exploited if an attacker can cause carefully
crafted escape sequences to be displayed on an rxvt terminal being used by
their victim.=20

One of the features which most terminal emulators support is the ability
for the shell to set the title of the window using an escape sequence.=20
Certain xterm variants, including rxvt, also provide an escape sequence for
reporting the current window title.  This essentially takes the current
title and places it directly on the command line.  Since it is not
possible to embed a carriage return into the window title itself, the
attacker would have to convince the victim to press the Enter key for the
title to be processed as a command, although the attacker can perform a
number of actions to increase the likelihood of this happening.

A certain escape sequence when displayed in rxvt will create an arbitrary
file.=20=20

It is possible to add malicious items to the dynamic menus through an
escape sequence.

Users of Rxvt are advised to upgrade to these errata packages which contain
a patch to disable the title reporting functionality and patches to correct
the other issues.

Red Hat would like to thank H D Moore for bringing these issues to our
attention.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

Please note that this update is available via Red Hat Network.  To use Red
Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla for more info):

84587 - rxvt contains a number of vulnerabilities in escape sequences

6. RPMs required:

Red Hat Linux Advanced Server 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/rxvt-2.7.8-4.src.rpm

i386:
Available from Red Hat Network: rxvt-2.7.8-4.i386.rpm

ia64:
Available from Red Hat Network: rxvt-2.7.8-4.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/rxvt-2.7.8-4.src.rpm

ia64:
Available from Red Hat Network: rxvt-2.7.8-4.ia64.rpm



7. Verification:

MD5 sum                          Package Name
--------------------------------------------------------------------------
f5b4712eeb3c941b9b5f2cf3ab6d6dc4 2.1AS/en/os/SRPMS/rxvt-2.7.8-4.src.rpm
94a3cbbf0dbd8739e9b1b2cc716a326e 2.1AS/en/os/i386/rxvt-2.7.8-4.i386.rpm
781b84624dda1114d74d09814438c54a 2.1AS/en/os/ia64/rxvt-2.7.8-4.ia64.rpm
f5b4712eeb3c941b9b5f2cf3ab6d6dc4 2.1AW/en/os/SRPMS/rxvt-2.7.8-4.src.rpm
781b84624dda1114d74d09814438c54a 2.1AW/en/os/ia64/rxvt-2.7.8-4.ia64.rpm


These packages are GPG signed by Red Hat, Inc. for security.  Our key
is available at http://www.redhat.com/about/contact/pgpkey.html

You can verify each package with the following command:
=20=20=20=20
    rpm --checksig -v <filename>

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:
=20=20=20=20
    md5sum <filename>


8. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCAN-2003-0022
http://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCAN-2003-0023
http://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCAN-2003-0006

9. Contact:

The Red Hat security contact is <security@redhat.com>.  More contact
details at http://www.redhat.com/solutions/security/news/contact.html

Copyright 2003 Red Hat, Inc.





© 1998-2024 E-Soft Inc. All rights reserved.