oss-sec mailing list archives
Re: CVE Request -- mosh (and probably vte too): mosh server DoS (long loop) due improper parsing of terminal parameters in terminal dispatcher
From: Behdad Esfahbod <behdad () behdad org>
Date: Tue, 22 May 2012 21:48:42 -0400
[+chpe] On 05/22/2012 09:53 AM, Jan Lieskovsky wrote:
B) vte issue: ============= http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=673871#5 there is similar issue in vte too (Gnome bug private for now): https://bugzilla.gnome.org/show_bug.cgi?id=676090 Cc-ed Behdad Esfahbod on this post to clarify, what are the upstream plans regarding this report in vte and if the CVE id has been already assigned for it.
Christian Persch, CC'ed, has already produced two patches to address these issues: * Limit all parsed integers in escape sequences to 65535. This is in line with the mosh change, * In the specific sequences mentioned in the original report, limit to screen metrics (columns, rows, etc) the same way that xterm does this. The patches have not been committed yet from what I can see. If there's a coordinated embargo release date being set for this, we can respect that I believe. behdad
Current thread:
- CVE Request -- mosh (and probably vte too): mosh server DoS (long loop) due improper parsing of terminal parameters in terminal dispatcher Jan Lieskovsky (May 22)
- Re: CVE Request -- mosh (and probably vte too): mosh server DoS (long loop) due improper parsing of terminal parameters in terminal dispatcher Kurt Seifried (May 22)
- Re: CVE Request -- mosh (and probably vte too): mosh server DoS (long loop) due improper parsing of terminal parameters in terminal dispatcher Behdad Esfahbod (May 23)
- <Possible follow-ups>
- Re: CVE Request -- mosh (and probably vte too): mosh server DoS (long loop) due improper parsing of terminal parameters in terminal dispatcher Keith Winstein (May 22)