Bug 334475 (CVE-2010-2713) - <x11-libs/vte-0.26.2: Arbitrary Code Execution Vulnerability (CVE-2010-2713)
Summary: <x11-libs/vte-0.26.2: Arbitrary Code Execution Vulnerability (CVE-2010-2713)
Status: RESOLVED FIXED
Alias: CVE-2010-2713
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High major
Assignee: Gentoo Security
URL: http://git.gnome.org/browse/vte/commi...
Whiteboard: A2 [glsa]
Reported: 2010-08-25 17:00 UTC by Tim Sammut (RETIRED)
Modified: 2014-12-12 00:40 UTC
Description Tim Sammut (RETIRED) gentoo-dev 2010-08-25 17:00:54 UTC
From the NVD, http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2713:

The vte_sequence_handler_window_manipulation function in vteseq.c in libvte (aka libvte9) in VTE 0.25.1 and earlier, as used in gnome-terminal, does not properly handle escape sequences, which allows remote attackers to execute arbitrary commands or obtain potentially sensitive information via a (1) window title or (2) icon title sequence. NOTE: this issue exists because of a CVE-2003-0070 regression.
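An added example, not part of the bug report or of VTE's code: a filter that flags and neutralizes window/icon title sequences in untrusted bytes before they are shown in a terminal. The byte patterns follow xterm control-sequence conventions (OSC 0/1/2 to set titles, CSI 20 t / 21 t to report them, 7-bit forms only); the function names and the sample log lines are constructed for illustration.

```python
import re

# OSC 0/1/2 set the icon name and/or window title; the string normally ends
# with BEL or ST (ESC \). The terminator is optional here so that a truncated
# sequence is still flagged.
OSC_TITLE = re.compile(rb"\x1b\]([012]);[^\x07\x1b]*(?:\x07|\x1b\\)?")
# CSI Ps t is window manipulation; Ps=20 reports the icon label and
# Ps=21 reports the window title.
CSI_REPORT = re.compile(rb"\x1b\[(20|21)(?:;[0-9]*)*t")

KINDS = {
    b"0": "set icon+window title",
    b"1": "set icon title",
    b"2": "set window title",
    b"20": "report icon title",
    b"21": "report window title",
}

def find_title_sequences(data: bytes):
    """Return sorted (offset, description) pairs for each title sequence."""
    hits = []
    for pattern in (OSC_TITLE, CSI_REPORT):
        for m in pattern.finditer(data):
            hits.append((m.start(), KINDS[m.group(1)]))
    return sorted(hits)

def neutralize(data: bytes) -> bytes:
    """Rewrite every ESC and BEL byte in caret notation (as `cat -v` does),
    so a terminal displays the sequences instead of interpreting them."""
    return data.replace(b"\x1b", b"^[").replace(b"\x07", b"^G")

# Constructed sample input (hypothetical log lines, not from the bug report).
SAMPLE = (
    b"2010-08-25 host app: user=alice\n"
    b"2010-08-25 host app: note=\x1b]2;constructed-title\x07\n"
    b"2010-08-25 host app: note=\x1b[21t\n"
    b"2010-08-25 host app: colour \x1b[31mred\x1b[0m is not a title sequence\n"
)

if __name__ == "__main__":
    for offset, kind in find_title_sequences(SAMPLE):
        print(f"offset {offset}: {kind}")
    print(neutralize(SAMPLE).decode("ascii"), end="")
```

The colour sequences in the last sample line are not flagged, but `neutralize` still makes them inert, since it rewrites every ESC byte rather than only the title-related ones.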
Comment 2 Gilles Dartiguelongue (RETIRED) gentoo-dev 2011-05-02 09:50:27 UTC
The commit in URL was released in revisions >=0.25.90 and all revisions that would have been affected have left the tree on March 27th thanks to nirbheek.
Comment 3 Tim Sammut (RETIRED) gentoo-dev 2011-05-02 14:35:04 UTC
(In reply to comment #2)
> The commit in URL was released in revisions >=0.25.90 and all revisions that
> would have been affected have left the tree on March 27th thanks to nirbheek.

Great, thanks. Since 0.26.2 is already stable... GLSA request filed.
Comment 4 GLSAMaker/CVETool Bot gentoo-dev 2014-12-12 00:40:05 UTC
This issue was resolved and addressed in GLSA 201412-10 at http://security.gentoo.org/glsa/glsa-201412-10.xml by GLSA coordinator Sean Amoss (ackle).