oss-sec mailing list archives
Re: CVE Request -- mosh (and probably vte too): mosh server DoS (long loop) due improper parsing of terminal parameters in terminal dispatcher
From: Kurt Seifried <kseifried () redhat com>
Date: Tue, 22 May 2012 11:39:55 -0600
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 05/22/2012 07:53 AM, Jan Lieskovsky wrote:
Hello Kurt, Steve, vendors, based on: [1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=673871 [2] https://github.com/keithw/mosh/issues/271 A) Mosh issue: ============== A denial of service flaw was found in the way mosh, a remote terminal application, performed processing of parameters that have been passed to the terminal in the terminal dispatcher class (previously there was no limit for the count of parameters, which were allowed to be passed to the dispatcher). A remote atttacker could use this flaw to cause a denial of service (mosh server to enter long for loop when trying to process the paramaters) via specially-crafted escape sequence string. Upstream ticket: [3] https://github.com/keithw/mosh/issues/271 Relevant upstream patch: [4] https://github.com/keithw/mosh/commit/9791768705528e911bfca6c4d8aa88139035060e References: [5] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=673871 [6] https://bugzilla.redhat.com/show_bug.cgi?id=823943 Could you allocate a CVE id for this? (issue confirmed by mosh upstream)
Please use CVE-2012-2385 for this issue.
B) vte issue: ============= http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=673871#5 there is similar issue in vte too (Gnome bug private for now): https://bugzilla.gnome.org/show_bug.cgi?id=676090 Cc-ed Behdad Esfahbod on this post to clarify, what are the upstream plans regarding this report in vte and if the CVE id has been already assigned for it.
Will wait for confirmation.
Thank you && Regards, Jan. -- Jan iankko Lieskovsky / Red Hat Security Response Team
- -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBAgAGBQJPu89rAAoJEBYNRVNeJnmTLrAP/3q6tRebtqt9w4Dqgtku62ib eCKs+EYrgAKmThklXgxbXcHEgT71mAkaX1M9qbQSjodhqeFlvOOodkQ0/sjOd+6q YaZfsiLT43bC4ky35nW/ddhv+l3xuAte3gvnN947PvCGe6wOU/rBZ3KDEjCJDevf Ob93NfBAqKC5pw+9Sw1CQHHK/kQMY2BL9gqcFriISqhVYYZRCw0/wFnQOdINNq+4 U2nxMfx9NkobOhDKSYZ0s8QHumcYJY0cVIS8mHDRYf0BHV4y+wSCZTASQnrDOXv4 qxWVgLVb3aFCxTL3oExpKgKqS+YCh4TrE9+4zaLqG/Yn7MDjWmrvqskTznzlQx5T AbyIbPwXkIy+uhhP7n9Wm7eAUgSq47ZqpQb51Vi4dY2rioudIq8dmH3Fi7pa+EHE yCHjOf/YtkYYHVykP5LeT5b5WkmLCjR9VxkKkSsxXwT3hfZf+TQP7k3Q1D3IIhqz tJSoUWx8ydEapj94GwTSP8MDVohZsPtnQICZKIbzWO4Yem4NkL7Gibdcqz+/l0HS jja1VsoVMKp3GshM+9hTes0Kil/zpyxuW419cQk6rqS0bbbackSVAnkudGt4GyH7 awYBkhmUjfL0YXiZx/wHE9zLrb1v7J8Beujnaq6XoBzFyklBm+Xp8IISdOKyHgHm NXSsanFLjGm0ogF3+cYQ =Ws5Q -----END PGP SIGNATURE-----
Current thread:
- CVE Request -- mosh (and probably vte too): mosh server DoS (long loop) due improper parsing of terminal parameters in terminal dispatcher Jan Lieskovsky (May 22)
- Re: CVE Request -- mosh (and probably vte too): mosh server DoS (long loop) due improper parsing of terminal parameters in terminal dispatcher Kurt Seifried (May 22)
- Re: CVE Request -- mosh (and probably vte too): mosh server DoS (long loop) due improper parsing of terminal parameters in terminal dispatcher Behdad Esfahbod (May 23)
- <Possible follow-ups>
- Re: CVE Request -- mosh (and probably vte too): mosh server DoS (long loop) due improper parsing of terminal parameters in terminal dispatcher Keith Winstein (May 22)