oss-sec mailing list archives
Re: CVE Request -- mosh (and probably vte too): mosh server DoS (long loop) due improper parsing of terminal parameters in terminal dispatcher
From: Kurt Seifried <kseifried () redhat com>
Date: Fri, 15 Jun 2012 13:57:27 -0600
On 06/15/2012 11:59 AM, Stefan Cornelius wrote:
> On 05/22/2012 07:39 PM, Kurt Seifried wrote:
>
> B) vte issue:
> =============
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=673871#5
>
> there is similar issue in vte too (Gnome bug private for now):
> https://bugzilla.gnome.org/show_bug.cgi?id=676090
>
> Cc-ed Behdad Esfahbod on this post to clarify, what are the upstream plans regarding this report in vte and if the CVE id has been already assigned for it.
>
> Will wait for confirmation.
>
> Hi,
>
> I think http://www.openwall.com/lists/oss-security/2012/05/23/6 is a reasonable confirmation. Additionally, upstream fixed this in 0.32.2:
> http://ftp.gnome.org/pub/GNOME/sources/vte/0.32/vte-0.32.2.news
>
> In case you agree that all requirements are fulfilled, could you please assign a CVE to the B) part?
>
> Thanks in advance and kind regards,

Please use CVE-2012-2738 for this issue.

--
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993