Test ID:	1.3.6.1.4.1.25623.1.0.63139
Category:	Mandrake Local Security Checks
Title:	Mandrake Security Advisory MDVSA-2009:005 (xterm)
Summary:	The remote host is missing an update to xterm;announced via advisory MDVSA-2009:005.
Description:	Summary: The remote host is missing an update to xterm announced via advisory MDVSA-2009:005. Vulnerability Insight: A vulnerability has been discovered in xterm, which can be exploited by malicious people to compromise a user's system. The vulnerability is due to xterm not properly processing the DECRQSS Device Control Request Status String escape sequence. This can be exploited to inject and execute arbitrary shell commands by e.g. tricking a user into displaying a malicious text file containing a specially crafted escape sequence via the more command in xterm (CVE-2008-2383). The updated packages have been patched to prevent this. Affected: 2008.0, 2008.1, 2009.0, Corporate 3.0, Corporate 4.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2008-2383 http://lists.apple.com/archives/security-announce/2009/May/msg00002.html BugTraq ID: 33060 http://www.securityfocus.com/bid/33060 Cert/CC Advisory: TA09-133A http://www.us-cert.gov/cas/techalerts/TA09-133A.html Debian Security Information: DSA-1694 (Google Search) http://www.debian.org/security/2009/dsa-1694 https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00072.html https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00184.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R3E2Q6NPKT7V4VKZMSFF4ARLRVYOG4AU/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VOOVZTIABA4MIFUGTAVYWO6QXSUXSST4/ https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9317 http://www.redhat.com/support/errata/RHSA-2009-0018.html http://www.redhat.com/support/errata/RHSA-2009-0019.html http://www.securitytracker.com/id?1021522 http://secunia.com/advisories/33318 http://secunia.com/advisories/33388 http://secunia.com/advisories/33397 http://secunia.com/advisories/33418 http://secunia.com/advisories/33419 http://secunia.com/advisories/33568 http://secunia.com/advisories/33820 http://secunia.com/advisories/35074 http://sunsolve.sun.com/search/document.do?assetkey=1-66-254208-1 SuSE Security Announcement: SUSE-SR:2009:002 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00004.html SuSE Security Announcement: SUSE-SR:2009:003 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.html https://usn.ubuntu.com/703-1/ http://www.vupen.com/english/advisories/2009/1297 XForce ISS Database: xterm-decrqss-code-execution(47655) https://exchange.xforce.ibmcloud.com/vulnerabilities/47655
Copyright	Copyright (C) 2009 E-Soft Inc.

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.