aleph1SECURITYFOCUS.COM

• Next message: Aleph One: "Security Bulletins Digest"
• Previous message: Elias Levy: "Re: bind running as root in Mandrake 7.0"
• Next in thread: Michael Jennings: "Re: [rootshell.com] Xterm DoS Attack"
• Maybe reply: Elias Levy: "Re: [rootshell.com] Xterm DoS Attack"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Summary of the last messages on this thread. I am killing this thread.

"Juergen P. Meier" <jorfm.rz.fh-muenchen.de>:

redhat 6.2(x86)'s xterm vulnerable
SunOS5.6 and 5.7's xterm not vulnerable (/usr/openwin/bin/xterm)
SunOS5.6 dtterm not vulnerable

this seems to be a problem in XFree's version of xterm and some
terminals derived therefrom...

"Juergen P. Meier" <jorfm.rz.fh-muenchen.de>:

after reading this, i played a bit too and caused SunOS 5.6
(solaris 2.6) dtterm to exit on echo -e "\033[4;21;12t" with

  X Error of failed request: BadValue (integer parameter out of range for operation)
   Major opcode of failed request: 12 (X_ConfigureWindow)
   Value in failed request: 0x0
   Serial number of failed request: 615
   Current serial number in output stream: 616

although i wouldnt use dtterm to tail -f logfiles anyway ;)

sun's xterm (openwin) seems to be unimpressed by any value i tried.

"jens j." <jan0schgmx.net>:

didn't work with wterm 6.2.7 and gnome-terminal 1.2.0.
worked against xterm and rxvt but X wasn't going down.

--
Elias Levy
SecurityFocus.com
http://www.securityfocus.com/
Si vis pacem, para bellum

• Next message: Aleph One: "Security Bulletins Digest"
• Previous message: Elias Levy: "Re: bind running as root in Mandrake 7.0"
• Next in thread: Michael Jennings: "Re: [rootshell.com] Xterm DoS Attack"
• Maybe reply: Elias Levy: "Re: [rootshell.com] Xterm DoS Attack"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]