FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

vte -- Classic terminal title set+query attack

Affected packages
vte < 0.24.3

Details

VuXML ID: 9a8fecef-92c0-11df-b140-0015f2db7bde
Discovery: 2010-07-15
Entry: 2010-07-18

Kees Cook reports:

Janne Snabb discovered that applications using VTE, such as gnome-terminal, did not correctly filter window and icon title request escape codes. If a user were tricked into viewing specially crafted output in their terminal, a remote attacker could execute arbitrary commands with user privileges.

References

CVE Name: CVE-2010-2713
URL: http://www.securityfocus.com/archive/1/512388