oss-sec mailing list archives
Re: CVE id request: htop
From: Jan Lieskovsky <jlieskov () redhat com>
Date: Fri, 14 Nov 2008 16:48:27 +0100
Hello Nico, any success when receiving the CVE id for this one? What about the reproducer? Not meaning Debian report based one (successfully reproduced), but rather that one issuing malicious escape sequences to the terminal used for displaying. Thanks, Jan. -- Jan iankko Lieskovsky / Red Hat Security Response Team On Sun, 2008-11-02 at 13:06 +0100, Nico Golde wrote:
Hi, htop doesn't filter non printable characters in process names which enables processes doing evil things with the display using escape sequences. http://bugs.debian.org/504144 Steve, can you assign a CVE id to this? Cheers Nico
Current thread:
- CVE id request: htop Nico Golde (Nov 02)
- Re: CVE id request: htop Jan Lieskovsky (Nov 14)
- Re: CVE id request: htop Steven M. Christey (Nov 14)
- Re: CVE id request: htop Nico Golde (Nov 15)
- Re: CVE id request: htop Steven M. Christey (Nov 14)
- Re: CVE id request: htop Jan Lieskovsky (Nov 14)