J-Security Center

Latest Attack Object Updates
  • IDP Daily Update #1537
    posted: 11/06/09
  • NSM Daily Update #1537
    posted: 11/06/09
  • Deep Inspection 5.3r5 and above, 5.4, 6.0 #1537
    posted: 11/06/09
  • Deep Inspection 5.1 and 5.2 #1435
    posted: 11/06/09
  • Deep Inspection 5.0, 5.3r4 and below #1132
    posted: 03/28/08 (04/01/08 for 5.0)
  • Antivirus
    posted: 11/05/09

Title: xterm DECRQSS Remote Command Execution Vulnerability

Severity: HIGH

Description:

The 'xterm' program is a terminal emulator for the X Window System.

The 'xterm' program is prone to a remote command-execution vulnerability because it fails to sufficiently validate user input. Specifically, the issue occurs when processing the DECRQSS (Device Control Request Status String). An attacker can exploit the issue by enticing a user to process a specially crafted file.

Successfully exploiting this issue would allow the attacker to execute arbitrary commands on an affected computer in the context of the affected application.

The issue affects xterm with patch 237; other versions may also be affected.

Affected Products:

  • Avaya Intuity AUDIX LX 1.0
  • Avaya Intuity AUDIX LX 2.0
  • Avaya Message Networking
  • Avaya Message Networking 3.1
  • Avaya Message Networking MN 3.1
  • Avaya Messaging Storage Server
  • Avaya Messaging Storage Server 1.0
  • Avaya Messaging Storage Server 2.0
  • Avaya Messaging Storage Server 3.1
  • Avaya Messaging Storage Server 4.0
  • Avaya Messaging Storage Server MM3.0
  • Avaya Messaging Storage Server MSS 3.0
  • Debian Linux 4.0
  • Debian Linux 4.0 alpha
  • Debian Linux 4.0 amd64
  • Debian Linux 4.0 arm
  • Debian Linux 4.0 hppa
  • Debian Linux 4.0 ia-32
  • Debian Linux 4.0 ia-64
  • Debian Linux 4.0 m68k
  • Debian Linux 4.0 mips
  • Debian Linux 4.0 mipsel
  • Debian Linux 4.0 powerpc
  • Debian Linux 4.0 s/390
  • Debian Linux 4.0 sparc
  • MandrakeSoft Corporate Server 3.0.0
  • MandrakeSoft Corporate Server 3.0.0 x86_64
  • MandrakeSoft Corporate Server 4.0
  • MandrakeSoft Corporate Server 4.0.0 x86_64
  • MandrakeSoft Linux Mandrake 2008.0
  • MandrakeSoft Linux Mandrake 2008.0 x86_64
  • MandrakeSoft Linux Mandrake 2008.1
  • MandrakeSoft Linux Mandrake 2008.1 x86_64
  • MandrakeSoft Linux Mandrake 2009.0
  • MandrakeSoft Linux Mandrake 2009.0 x86_64
  • RedHat Advanced Workstation for the Itanium Processor 2.1.0
  • RedHat Desktop 3.0.0
  • RedHat Desktop 4.0.0
  • RedHat Enterprise Linux 5 server
  • RedHat Enterprise Linux AS 2.1
  • RedHat Enterprise Linux AS 2.1 IA64
  • RedHat Enterprise Linux AS 3
  • RedHat Enterprise Linux AS 4
  • RedHat Enterprise Linux Desktop 5 client
  • RedHat Enterprise Linux ES 2.1
  • RedHat Enterprise Linux ES 2.1 IA64
  • RedHat Enterprise Linux ES 3
  • RedHat Enterprise Linux ES 4
  • RedHat Enterprise Linux WS 2.1
  • RedHat Enterprise Linux WS 2.1 IA64
  • RedHat Enterprise Linux WS 3
  • RedHat Enterprise Linux WS 4
  • RedHat Fedora 8
  • RedHat Fedora 9
  • S.u.S.E. Linux 5.0.0
  • S.u.S.E. Novell Linux Desktop 9
  • S.u.S.E. Open-Enterprise-Server
  • S.u.S.E. SUSE Linux Enterprise Desktop 10 SP2
  • S.u.S.E. SUSE Linux Enterprise Server 10 SP2
  • S.u.S.E. SUSE Linux Enterprise Server 9
  • S.u.S.E. openSUSE 10.3
  • S.u.S.E. openSUSE 11.0
  • Slackware Linux -current
  • Slackware Linux 12.0
  • Slackware Linux 12.1
  • Slackware Linux 12.2
  • Sun OpenSolaris build snv_100
  • Sun OpenSolaris build snv_101
  • Sun OpenSolaris build snv_101a
  • Sun OpenSolaris build snv_102
  • Sun OpenSolaris build snv_103
  • Sun OpenSolaris build snv_104
  • Sun OpenSolaris build snv_104
  • Sun OpenSolaris build snv_105
  • Sun OpenSolaris build snv_106
  • Sun OpenSolaris build snv_91
  • Sun OpenSolaris build snv_92
  • Sun OpenSolaris build snv_95
  • Sun OpenSolaris build snv_96
  • Sun OpenSolaris build snv_99
  • Ubuntu Ubuntu Linux 6.06 LTS amd64
  • Ubuntu Ubuntu Linux 6.06 LTS i386
  • Ubuntu Ubuntu Linux 6.06 LTS powerpc
  • Ubuntu Ubuntu Linux 6.06 LTS sparc
  • Ubuntu Ubuntu Linux 7.10 amd64
  • Ubuntu Ubuntu Linux 7.10 i386
  • Ubuntu Ubuntu Linux 7.10 lpia
  • Ubuntu Ubuntu Linux 7.10 powerpc
  • Ubuntu Ubuntu Linux 7.10 sparc
  • Ubuntu Ubuntu Linux 8.04 LTS amd64
  • Ubuntu Ubuntu Linux 8.04 LTS lpia
  • Ubuntu Ubuntu Linux 8.04 LTS powerpc
  • Ubuntu Ubuntu Linux 8.04 LTS sparc
  • Ubuntu Ubuntu Linux 8.10 amd64
  • Ubuntu Ubuntu Linux 8.10 i386
  • Ubuntu Ubuntu Linux 8.10 lpia
  • Ubuntu Ubuntu Linux 8.10 powerpc
  • Ubuntu Ubuntu Linux 8.10 sparc
  • X.org xterm patch 237

References:

Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.