OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: Re: [rootshell.com] Xterm DoS Attack
From: Michael Jennings (mejVALINUX.COM)
Date: Thu Jun 01 2000 - 21:29:46 CDT


On Thursday, 01 June 2000, at 11:21:16 (-0700),
Kit Knox wrote:

> * xterm Denial of Service Attack
> * (C) 2000 Kit Knox <kitrootshell.com> - 5/31/2000
> *
> * Tested against: xterm (XFree86 3.3.3.1b(88b) -- crashes
> * rxvt v2.6.1 -- consumes all available memory and then
> * crashes.

All current versions of Eterm are vulnerable. Attached are patches to
Eterm 0.8.10 and 0.9. Similar changes have been committed to 0.8.11
and 0.9.1 in CVS.

Michael

--
 "Greater than the death of flesh is the death of hope, the death of
  dreams.  Against this peril we can never surrender."
                                                   -- G'Kar, Babylon 5
=======================================================================
Michael Jennings  <mejeterm.org>  www.tcserv.com  PGP Key ID: BED09971
Software Engineer, VA Linux Systems       Author, Eterm (www.eterm.org)