USN-703-1: xterm vulnerabilities


 
Posted 01-05-2009

Referenced CVEs:
CVE-2006-7236, CVE-2008-2383


Description:
===========================================================
Ubuntu Security Notice USN-703-1           January 06, 2009
xterm vulnerabilities
CVE-2006-7236, CVE-2008-2383
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 7.10
Ubuntu 8.04 LTS
Ubuntu 8.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  xterm 208-3.1ubuntu3.1

Ubuntu 7.10:
  xterm 229-1ubuntu0.1

Ubuntu 8.04 LTS:
  xterm 229-1ubuntu1.1

Ubuntu 8.10:
  xterm 235-1ubuntu1.1

After a standard system upgrade you need to restart any running xterms to
effect the necessary changes.

Details follow:

Paul Szabo discovered that the DECRQSS escape sequences were not handled
correctly by xterm. Additionally, window title operations were also not
safely handled. If a user were tricked into viewing a specially crafted
series of characters while in xterm, a remote attacker could execute
arbitrary commands with user privileges. (CVE-2006-7236, CVE-2008-2383)





RXTERM(1)						    BSD General Commands Manual 						 RXTERM(1)

NAME
     rxterm -- start a secure remote xterm

SYNOPSIS
     rxterm [-l username] [-k] [-r rsh_args] [-x xterm_args] [-K kx_args] [-w term_emulator] [-b rsh_program] host [port]

DESCRIPTION
     The rxterm program starts an xterm window on host host. From this window you will also be able to run X clients that will be able to connect securely to your X server. If port is given, that port will be used instead of the default.

     The supported options are:

     -l   Log in on the remote host as user username.
     -k   Disable keep-alives.
     -r   Send rsh_args as arguments to rsh.
     -x   Send xterm_args as arguments to xterm.
     -X   Send kx_args as arguments to kx.
     -w   Use term_emulator instead of xterm.
     -b   Use rsh_program instead of rsh.
     -v   Be verbose.

EXAMPLE
     To login from host foo (where your display is) to host bar, you might do the following.

     1.   On foo: rxterm bar
     2.   You will get a new window running an xterm on host bar. In this window you will be able to start X clients.

SEE ALSO
     kx(1), rsh(1), rxtelnet(1), tenletxr(1), kxd(8)

KTH_KRB                          April 11, 2003                          KTH_KRB