[15267] in bugtraq


Re: [rootshell.com] Xterm DoS Attack

daemon@ATHENA.MIT.EDU (Elias Levy)
Thu Jun 8 17:16:01 2000

Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Message-Id: <20000608114737.G2693@securityfocus.com>
Date: Thu, 8 Jun 2000 11:47:37 -0700
Reply-To: aleph1@SECURITYFOCUS.COM
From: Elias Levy <aleph1@SECURITYFOCUS.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <200006041635.SAA07110@sebs.hans.de>

Summary of the last messages on this thread. I am killing this thread.

"Juergen P. Meier" <jor@fm.rz.fh-muenchen.de>:

redhat 6.2(x86)'s xterm vulnerable
SunOS5.6 and 5.7's xterm not vulnerable (/usr/openwin/bin/xterm)
SunOS5.6 dtterm not vulnerable

this seems to be a problem in XFree's version of xterm and some
terminals derived therefrom...

"Juergen P. Meier" <jor@fm.rz.fh-muenchen.de>:

after reading this, i played a bit too and caused SunOS 5.6
(solaris 2.6) dtterm to exit on echo -e "\033[4;21;12t" with

  X Error of failed request:  BadValue (integer parameter out of range for operation)
   Major opcode of failed request:  12 (X_ConfigureWindow)
   Value in failed request:  0x0
   Serial number of failed request:  615
   Current serial number in output stream:  616

although i wouldn't use dtterm to tail -f logfiles anyway ;)

sun's xterm (openwin) seems to be unimpressed by any value i tried.

"jens j." <jan0sch@gmx.net>:

didn't work with wterm 6.2.7 and gnome-terminal 1.2.0.
worked against xterm and rxvt but X wasn't going down.

--
Elias Levy
SecurityFocus.com
http://www.securityfocus.com/
Si vis pacem, para bellum
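
Added example, not part of the original message or thread: a log-viewing filter that makes the window-manipulation escape sequence reported above inert before the text reaches a terminal. It generalizes from the one sequence in the post to the whole `CSI ... t` family; the function names and the sample log lines are constructed for illustration.

```python
import re

# CSI is ESC [ (7-bit) or U+009B (8-bit C1). Parameters are digits and ';'.
# The final byte 't' selects the window-manipulation family, which includes
# the sequence quoted in the thread.
WINDOW_OP = re.compile(r"(?:\x1b\[|\x9b)([0-9;]*)t")


def neutralize_window_ops(line):
    """Return (safe_line, params_found) with window-op sequences made inert."""
    found = []

    def _visible(match):
        # Record the parameters and replace the sequence with printable text,
        # so the reader sees that something was there without executing it.
        found.append(match.group(1))
        return "<CSI " + match.group(1) + " t>"

    return WINDOW_OP.sub(_visible, line), found


def scan(lines):
    """Yield (line_number, safe_line, params_found) for each input line."""
    for number, line in enumerate(lines, 1):
        safe, found = neutralize_window_ops(line)
        yield number, safe, found


# Constructed sample log lines; the second carries the sequence from the post,
# the third carries ordinary colour/bold sequences that are left alone.
SAMPLE = [
    "Jun  8 11:47:01 host sshd[411]: connection from 192.0.2.10",
    "Jun  8 11:47:02 host httpd: GET /\x1b[4;21;12t HTTP/1.0",
    "Jun  8 11:47:03 host app: \x1b[1mbold\x1b[0m text stays untouched",
]

if __name__ == "__main__":
    for number, safe, found in scan(SAMPLE):
        flag = " [window-op x%d]" % len(found) if found else ""
        # repr() keeps any remaining control bytes visible rather than live.
        print("%d%s: %r" % (number, flag, safe))
```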
