Bugtraq mailing list archives

Re: [rootshell.com] Xterm DoS Attack

From: aleph1 () SECURITYFOCUS COM (Elias Levy)
Date: Thu, 8 Jun 2000 11:47:37 -0700


Summary of the last messages on this thread. I am killing this thread.

"Juergen P. Meier" <jor () fm rz fh-muenchen de>:

redhat 6.2(x86)'s xterm vulnerable
SunOS5.6 and 5.7's xterm not vulnerable (/usr/openwin/bin/xterm)
SunOS5.6 dtterm not vulnerable

this seems to be a problem in XFree's version of xterm and some
terminals derived therefrom...

"Juergen P. Meier" <jor () fm rz fh-muenchen de>:

after reading this, i played a bit too and caused SunOS 5.6
(solaris 2.6) dtterm to exit on echo -e "\033[4;21;12t" with

  X Error of failed request:  BadValue (integer parameter out of range for operation)
   Major opcode of failed request:  12 (X_ConfigureWindow)
   Value in failed request:  0x0
   Serial number of failed request:  615
   Current serial number in output stream:  616

although i wouldnt use dtterm to tail -f logfiles anyway ;)

sun's xterm (openwin) seems to be unimpressed by any value i tried.

"jens j." <jan0sch () gmx net>:

didn't work with wterm 6.2.7 and gnome-terminal 1.2.0.
worked against xterm and rxvt but X wasn't going down.

--
Elias Levy
SecurityFocus.com
http://www.securityfocus.com/
Si vis pacem, para bellum

Current thread:

Re: [rootshell.com] Xterm DoS Attack Hans, Sebastian (Jun 04)
- Security Update: serious bug in setuid() Technical Support (Jun 08)
- Security Bulletins Digest Aleph One (Jun 08)
- Internet Security Systems Security Advisory: Buffer Overflow in i-drive Filo (tm) software Aleph One (Jun 08)
- Re: [rootshell.com] Xterm DoS Attack Elias Levy (Jun 08)
- <Possible follow-ups>
- Re: [rootshell.com] Xterm DoS Attack Simon Tatham (Jun 06)
  - Re: [rootshell.com] Xterm DoS Attack Michael Jennings (Jun 08)