ISS X-Force Database: terminal-emulator-dec-udk(11415): Multiple vendor terminal emulator DEC UDK denial of service

Multiple vendor terminal emulator DEC UDK denial of service

terminal-emulator-dec-udk (11415)

Low Risk

Description:

Multiple vendor terminal emulator software packages, including hanterm-xf is vulnerable to a denial of service attack, caused by improper handling of malformed escape sequences during DEC UDK processing. Escape sequences are a series of characters that begin with the ASCII (0x1B) sequence and are followed by a series of arguments. If an attacker could inject malformed escape sequences into a user's terminal emulator session, the attacker could cause the terminal emulator to enter into a loop and crash.

Platforms Affected:

Debian, Debian Linux 3.0
HP, HP-UX 11.00
HP, HP-UX 11.11
HP, HP-UX 11.22
HP, HP-UX 11.23
Jake Song, hanterm-xf 2.0
RedHat, Enterprise Linux 2.1 AW
RedHat, Enterprise Linux 2.1 WS
RedHat, Enterprise Linux 2.1 AS
RedHat, Enterprise Linux 2.1 ES
RedHat, Linux 7.1
RedHat, Linux 7.2
RedHat, Linux 7.3
RedHat, Linux 8.0
RedHat, Linux Advanced Workstation 2.1 Itanium
Sun, Linux 5.0
XFree86, XFree86 4.2.0

Remedy:

For Red Hat Linux containing the hanterm package:
Upgrade to the latest hanterm package, as listed below. Refer to RHSA-2003:070-12 for more information. See References.

Red Hat 7.2 and 7.3: 2.0.5-5.7.4 or later
Red Hat 8.0: 2.0.5-5.8.0 or later

For Red Hat Linux 8.0 containing the XFree86 packag:
Upgrade to the latest XFree86 package (4.2.1-21 or later), as listed in RHSA-2003:067-19. See References.

For Red Hat Linux containing the hanterm package:
Upgrade to the latest hanterm package, as listed below. Refer to RHSA-2003:071-12 for more information. See References.

Red Hat Enterprise Linux AS (v. 2.1), ES (v.2.1), WS (v.2.1), and Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor: 2.0.5-5.AS21.1 or later

For Sun Linux 5.0:
Apply the appropriate patch for your system. Refer to Sun Alert ID: 55602 for more information. See References.

For Debian GNU/Linux 3.0 (woody):
Upgrade to the latest xfree86 package (4.1.0-16woody1 or later), as listed in DSA-380-1. See References.

For HP-UX 11.00, 11.11,11.22, and 11.23:
Apply the update for this vulnerability, as listed in Hewlett-Packard Security Bulletin HPSBUX01019. See References.

For other distributions:
Contact your vendor for upgrade or patch information.

Consequences:

Denial of Service

References:

CIAC Information Bulletin N-110, Red Hat Updated XFree86 Packages Provide Security and Bug Fixes at http://www.ciac.org/ciac/bulletins/n-110.shtml.
Sun Alert ID: 55602, Sun Linux 5.0 Security Vulnerabilities in XFree86 Packages at http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F55602&zone_32=category%3Asecurity.
VulnWatch Mailing List, Mon Feb 24 2003 - 15:02:52 CST , Terminal Emulator Security Issues at http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html.
BID-6944: Hanterm-XF Loop-Based Escape Sequence Denial of Service Vulnerability
BID-6950: Xterm Loop-Based Escape Sequence Denial Of Service Vulnerability
BID-9930: Apache Error Log Escape Sequence Injection Vulnerability
CVE-2003-0071: The DEC UDK processing feature in the xterm terminal emulator in XFree86 4.2.99.4 and earlier allows attackers to cause a denial of service via a certain character escape sequence that causes the terminal to enter a tight loop.
CVE-2003-0079: The DEC UDK processing feature in the hanterm (hanterm-xf) terminal emulator before 2.0.5 allows attackers to cause a denial of service via a certain character escape sequence that causes the terminal to enter a tight loop.
DSA-380: xfree86 -- buffer overflows
OSVDB ID: 4918: Hangul Terminal hanterm-xf DoS
RHSA-2003-064: Updated XFree86 4.1.0 packages are available
RHSA-2003-065: XFree86 security update
RHSA-2003-066: Updated XFree86 packages provide security and bug fixes
RHSA-2003-067: Updated XFree86 packages provide security and bug fixes
RHSA-2003-070: Updated hanterm packages provide security fixes
RHSA-2003-071: hanterm-xf security update

Reported:

Feb 24, 2003

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page