Eterm Screen Dump 转义序列本地文件损坏漏洞

漏洞信息详情

Eterm Screen Dump 转义序列本地文件损坏漏洞

• CNNVD编号：CNNVD-200303-023
• 危害等级： 中危
  
  
• CVE编号：
  CVE-2003-0021
  
• 漏洞类型：
  
  
  设计错误
  
• 发布时间：
  
  2003-03-03
  
• 威胁类型：
  
  
  远程
  
• 更新时间：
  
  2005-10-12
  
• 厂        商：
  
  michael_jennings
• 漏洞来源：
  Discovery of these…

Eterm 0.9.1及其更早版本的“screen dump”功能存在漏洞。攻击者可以借助用户批处理某个字符转义序列时覆盖任意文件，例如在用户浏览包含恶意序列的文件时。

Gentoo Linux has released an advisory. Users who have installed x11-terms/eterm are advised to upgrade to eterm-0.9.2-r3 by issuing the following commands:
emerge sync
emerge -u eterm
emerge clean
This issue has been addressed in Eterm 0.9.2. Users are advised to upgrade.
Michael Jennings Eterm 0.8.10

• Michael Jennings Eterm 0.9.2
  
  http://www.eterm.org/download/

Michael Jennings Eterm 0.9.1

• MandrakeSoft Eterm-0.9.2-2.1mdk.i586.rpmMandrake Linux 9.0
  
  http://www.mandrakesecure.net/en/ftp.php
• MandrakeSoft Eterm-devel-0.9.2-2.1mdk.i586.rpmMandrake Linux 9.0
  
  http://www.mandrakesecure.net/en/ftp.php
• MandrakeSoft libast1-0.5-1.1mdk.i586.rpmMandrake Linux 9.0
  
  http://www.mandrakesecure.net/en/ftp.php
• MandrakeSoft libast1-devel-0.5-1.1mdk.i586.rpmMandrake Linux 9.0
  
  http://www.mandrakesecure.net/en/ftp.php
• Michael Jennings Eterm 0.9.2
  
  http://www.eterm.org/download/

来源: XF
名称: terminal-emulator-screen-dump(11413)
链接:http://www.iss.net/security_center/static/11413.php

来源: VULNWATCH
名称: 20030224 Terminal Emulator Security Issues
链接:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html

来源: BID
名称: 6936
链接:http://www.securityfocus.com/bid/6936

来源: MANDRAKE
名称: MDKSA-2003:040
链接:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:040

来源: BUGTRAQ
名称: 20030224 Terminal Emulator Security Issues
链接:http://marc.theaimsgroup.com/?l=bugtraq&m=104612710031920&w=2