oss-sec mailing list archives

Re: CVE request: rxvt-unicode user-assisted arbitrary commands execution

From: cve-assign () mitre org
Date: Wed, 30 Apr 2014 23:41:23 -0400 (EDT)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

rxvt-unicode-9.20 (aka urxvt) includes a security update to address a
user-assisted arbitrary commands execution issue. This can be
exploited by the unprocessed display of certain escape sequences in a
crafted text file or program output.

arbitrary command sequences can be constructed using this, and
unintentionally executed if used in conjunction with various other
escape sequences.

http://dist.schmorp.de/rxvt-unicode/Changes


Use CVE-2014-3121.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJTYcHgAAoJEKllVAevmvmsKpoIAKMpm+B8q61J3eNZNVrdQ6Hy
IZlBiJAu0qWTb9xDZFz1BLtz7WrljVem+/aBM+L2e14sXncNLFlYk+Zg0azyhnXW
rEV+2cArAu+GLMB4C0Q4g0GdhNcDe41Q3smcCUbpRQQFpkU6e/R2NxH2nQjNAX9E
acRDB7DiNgXJ6iZ02F+N++6+AQhc3VuV09jSeizimcbjNuzQVopCxdq3hOEkDO2W
9eyy8Krx2nUHABdRRRUkl8NmWXsP8fbjD+ZuASYIfPRNM/HZLmEvQeZIA4BO5Dvl
Z4ybucja+bKcjb8D3jHijTrubG3Yyskwkc8J5WwYuIebAWNAag1EB676SHW95zA=
=1utq
-----END PGP SIGNATURE-----

Current thread:

CVE request: rxvt-unicode user-assisted arbitrary commands execution Conor McCarthy (Apr 30)
- Re: CVE request: rxvt-unicode user-assisted arbitrary commands execution cve-assign (Apr 30)