• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Xterm Loop-Based Escape Sequence Denial Of Service Vulnerability

The Xterm terminal fails to sufficiently filter certain potentially malicious loop-based escape sequences, leaving the terminal open to attacks including attacker-initiated tight loops that may exhaust CPU resources.

The problem has been reported to result from a lack of sufficient sanitization of potentially malicious escape sequences, which are handled by the DEC UDK processor implementation in the vulnerable terminal.

It is possible to exploit these issues if an attacker can cause malicious escape sequences to be displayed in a terminal window of a vulnerable terminal emulator.