J-Security Center

Title: ATerm Menu Bar Escape Sequence Command Execution Vulnerability

Severity: HIGH

Description:

aterm is a terminal emulator available for Unix and Linux variants.

aterm supports a feature that allows MenuBar items to be added from the command line. It is possible to trigger this feature via escape sequences in the terminal window. This feature may be abused to create an arbitrary menu item that contains arbitrary commands. If this menu item is later accessed by the terminal user, the arbitrary commands may be executed.

Exploitation may lead to remote compromise or local privilege escalation.

An attacker can exploit this issue if they can cause malicious escape sequences to be displayed in a terminal window of a vulnerable terminal emulator. Malicious escape sequences can be injected into a terminal session in various ways, for example by programs that log user input without removing potentially dangerous escape sequences. Untrusted applications or servers may also send malicious escape sequences to the terminal. In addition, any system that allows a user to broadcast messages to other users may provide a means of exploitation; many UNIX systems support this through the "wall" service.
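As an added, defensive example that is not part of this advisory: a Python sanitizer that strips every ESC-introduced sequence (CSI, OSC/DCS/APC-style strings and short ESC sequences) and stray C0/C1 control characters from untrusted text, such as logged user input or a broadcast message, before it is written to a terminal. The log line it processes is constructed for illustration; the specific aterm menu-bar sequence is not reproduced here, and the function does not need to know it because it drops all such sequences.

```python
# Added example (not the advisory's code): sanitize untrusted text before it is
# written to a terminal, dropping every ESC-introduced sequence so that a
# menu-bar or any other emulator-specific sequence never reaches the emulator.
ESC = "\x1b"
ST = ESC + "\\"  # String Terminator: ends OSC/DCS/SOS/PM/APC strings

# Constructed log line: an OSC string and a colour change hidden in "user input".
SAMPLE_LOG_LINE = "login user=\x1b]0;evil\x07bob\x1b[31m failed\x1b[0m\n"


def strip_escape_sequences(text: str) -> str:
    """Remove CSI (ESC [ ... final 0x40-0x7E), string sequences (ESC ] P X ^ _
    ... BEL or ST), short ESC sequences (ESC + intermediates 0x20-0x2F + final),
    and all C0/C1 controls except newline and tab."""
    out, i, n = [], 0, len(text)
    while i < n:
        ch = text[i]
        if ch == ESC and i + 1 < n:
            nxt = text[i + 1]
            j = i + 2
            if nxt == "[":  # CSI: skip parameter/intermediate bytes, then final
                while j < n and "\x20" <= text[j] <= "\x3f":
                    j += 1
                i = j + 1
            elif nxt in "]PX^_":  # string sequence: skip up to BEL or ST
                while j < n and text[j] != "\x07" and text[j:j + 2] != ST:
                    j += 1
                i = j + (2 if text[j:j + 2] == ST else 1)
            else:  # short sequence: intermediates then one final byte
                j = i + 1
                while j < n and "\x20" <= text[j] <= "\x2f":
                    j += 1
                i = j + 1
            continue
        code = ord(ch)
        if ch == ESC or (code < 0x20 and ch not in "\n\t") or 0x7F <= code <= 0x9F:
            i += 1  # lone ESC, other C0 controls, DEL and C1 controls are dropped
            continue
        out.append(ch)
        i += 1
    return "".join(out)


def contains_escape_sequences(text: str) -> bool:
    """True if text carries ESC or an 8-bit C1 control: flag it in log review."""
    return any(c == ESC or 0x80 <= ord(c) <= 0x9F for c in text)


if __name__ == "__main__":
    print(repr(strip_escape_sequences(SAMPLE_LOG_LINE)))  # 'login user=bob failed\n'
```

Unterminated sequences are consumed to the end of the input, which is the safe failure mode for text that is about to be displayed.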

This vulnerability was originally described in BID 6931 "Multiple Vendor Terminal Emulator Escape Sequence Vulnerabilities". It is now being assigned a separate BID.

Affected Products:

  • aterm aterm 0.4.2
