Multiple Vendor xterm (and derivatives) Denial of Service Vulnerability

xterm is a popular X11-based terminal emulator. If VT control-characters are displayed in the xterm, they can be interpreted and used to cause a denial of service attack against the client (and even the host running the client). What makes it possible for remote users to exploit this vulnerability is a situation like this:

An admin is tailing the http access log

Attacker requests url with control characters in it

Admin's xterm crashes

This vulnerability also affects applications (such as other terminal emulators) derived from xterm code.


 

Privacy Statement
Copyright 2010, SecurityFocus