多个供应商xterm（及衍生产品）拒绝服务漏洞

漏洞信息详情

多个供应商xterm（及衍生产品）拒绝服务漏洞

• CNNVD编号：CNNVD-200006-004
• 危害等级： 中危
  
  
• CVE编号：
  CVE-2000-0476
  
• 漏洞类型：
  
  
  其他
  
• 发布时间：
  
  2000-06-01
  
• 威胁类型：
  
  
  远程
  
• 更新时间：
  
  2005-10-20
  
• 厂        商：
  
  michael_jennings
• 漏洞来源：
  First posted to Bu…

xterm, Eterm和rxvt存在漏洞。攻击者通过嵌入迫使窗口调整大小的转义字符导致拒绝服务漏洞。

Michael Jennings released the following patches for Eterm:
Index: src/command.c
===================================================================
RCS file: /cvs/enlightenment/Eterm/src/command.c,v
retrieving revision 1.1.1.1.2.7
diff -u -r1.1.1.1.2.7 command.c
— src/command.c 1999/11/02 16:34:35 1.1.1.1.2.7
+++ src/command.c 2000/06/02 02:06:56
@@ -4694,6 +4694,9 @@
return; /* Make sure there are 2 args left */
y = args[++i];
x = args[++i];
+ if (x > scr->width || y > scr->height) {
+ return;
+ }
XResizeWindow(Xdisplay, TermWin.parent, x, y);
break;
case 5:
@@ -4713,6 +4716,9 @@
return; /* Make sure there are 2 args left */
y = args[++i];
x = args[++i];
+ if (x > (scr->width / TermWin.fwidth) || y > (scr->height / TermWin.fheight)) {
+ return;
+ }
XResizeWindow(Xdisplay, TermWin.parent,
Width2Pixel(x) + 2 * TermWin.internalBorder + (scrollbar_visible()? scrollbar_total_width() : 0),
Height2Pixel(y) + 2 * TermWin.internalBorder + (menubar_visible()? menuBar_TotalHeight() : 0));
–RpDyejMaDGJhP2PU
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename=”Eterm-0.9-DoS.patch”
Index: src/term.c
===================================================================
RCS file: /cvs/enlightenment/Eterm/src/term.c,v
retrieving revision 1.33
diff -u -r1.33 term.c
— src/term.c 2000/01/17 21:29:27 1.33
+++ src/term.c 2000/06/02 02:06:44
@@ -1232,6 +1232,8 @@
return; /* Make sure there are 2 args left */
y = args[++i];
x = args[++i];
+ UPPER_BOUND(y, scr->height);
+ UPPER_BOUND(x, scr->width);
XResizeWindow(Xdisplay, TermWin.parent, x, y);
#ifdef USE_XIM
xim_set_status_position();
@@ -1254,6 +1256,8 @@
return; /* Make sure there are 2 args left */
y = args[++i];
x = args[++i];
+ UPPER_BOUND(y, scr->height / TermWin.fheight);
+ UPPER_BOUND(x, scr->width / TermWin.fwidth);
XResizeWindow(Xdisplay, TermWin.parent,
Width2Pixel(x) + 2 * TermWin.internalBorder + (scrollbar_is_visible()? scrollbar_trough_width() : 0),
Height2Pixel(y) + 2 * TermWin.internalBorder);
–RpDyejMaDGJhP2PU–
Simon Tatham PuTTY 0.48

• Simon Tatham putty-dos.patch
  
  http://www.securityfocus.com/data/vulnerabilities/patches/putty-dos.pa
  tch

来源: BID
名称: 1298
链接:http://www.securityfocus.com/bid/1298

来源: BUGTRAQ
名称: 20000601 [rootshell.com] Xterm DoS Attack
链接:http://archives.neohapsis.com/archives/bugtraq/2000-05/0409.html

来源: BUGTRAQ
名称: 20000601 [rootshell.com] Xterm DoS Attack
链接:http://archives.neohapsis.com/archives/bugtraq/2000-05/0420.html