CVE-2003-0070 and gnome-terminal

Djoume SALVETTI salvetti@crans.org
Wed, 3 Nov 2004 15:12:58 +0100 

--0OAP2g/MAC+5xKAE
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable


Good day,

I'm reviewing the list of 2003 CVEs to check if there is still
some known vulnerable package in testing.

In CVE-2003-0070 it is written :

| VTE, as used by default in gnome-terminal terminal emulator 2.2 and as an
| option in gnome-terminal 2.0, allows attackers to modify the window title=
 via a
| certain character escape sequence and then insert it back to the command =
line
| in the user's terminal, e.g. when the user views a file containing the
| malicious sequence, which could allow the attacker to execute arbitrary
| commands.

I haven't see any mention of this in gnome-terminal or vte packages
changelogs, but I've found in vte upstream changelog :

| 2003-02-24 nalin
|   * src/vte.c(vte_sequence_handler_window_manipulation): don't report the
|   user-settable title and icon strings to applications, based on H D
|   Moore's "Terminal Emulator Security Issues" (CAN-2003-0070).

So this vulnerability is certainly fixed. The only problem I have it's
that I'm not sure about the package version that fixed it.

I think the fix is in vte 0.11.10-1 because it was uploaded on november
2003, so 9 month after this was fixed upstream. But I can't find any
0.11.10 version in upstream changelog, only a mention to 0.11.x version
on 2003-01-30, so there is still a (little) possibility that debian
package vte 0.11.10-1 does not include the fix.

Could you tell me where the minor version number (10 in 0.11.10) come
from or which package version include the fix for CVE-2003-0070?

Thanks in advance for you help.

Regards.
--=20
Djoum=E9 SALVETTI

--0OAP2g/MAC+5xKAE
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFBiOdqGij5kdLL7DERAiiWAJ4sWPr4CuiLx+f9l4wJ4EPcqYbouwCfQ6A/
Me83yQ+qc2zCojLO+xl4dak=
=PnfG
-----END PGP SIGNATURE-----

--0OAP2g/MAC+5xKAE--