ID CVE-2010-2713
Summary The vte_sequence_handler_window_manipulation function in vteseq.c in libvte (aka libvte9) in VTE 0.25.1 and earlier, as used in gnome-terminal, does not properly handle escape sequences, which allows remote attackers to execute arbitrary commands or obtain potentially sensitive information via a (1) window title or (2) icon title sequence. NOTE: this issue exists because of a CVE-2003-0070 regression.
References
Vulnerable Configurations
  • Nalin Dahyabhai VTE 0.25.1
    cpe:2.3:a:nalin_dahyabhai:vte:0.25.1
  • Nalin Dahyabhai VTE 0.24.3
    cpe:2.3:a:nalin_dahyabhai:vte:0.24.3
  • Nalin Dahyabhai VTE 0.22.5
    cpe:2.3:a:nalin_dahyabhai:vte:0.22.5
  • Nalin Dahyabhai VTE 0.20.5
    cpe:2.3:a:nalin_dahyabhai:vte:0.20.5
  • Nalin Dahyabhai VTE 0.17.4
    cpe:2.3:a:nalin_dahyabhai:vte:0.17.4
  • Nalin Dahyabhai VTE 0.16.14
    cpe:2.3:a:nalin_dahyabhai:vte:0.16.14
  • Nalin Dahyabhai VTE 0.14.2
    cpe:2.3:a:nalin_dahyabhai:vte:0.14.2
  • Nalin Dahyabhai VTE 0.12.2
    cpe:2.3:a:nalin_dahyabhai:vte:0.12.2
  • Nalin Dahyabhai VTE 0.11.21
    cpe:2.3:a:nalin_dahyabhai:vte:0.11.21
  • Nalin Dahyabhai VTE 0.15.0
    cpe:2.3:a:nalin_dahyabhai:vte:0.15.0
  • GNOME gnome-terminal
    cpe:2.3:a:gnome:gnome-terminal
CVSS
Base: 6.8 (as of 06-08-2010 - 10:45)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
nessus via4
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2010-161.NASL
    description A vulnerability has been found and corrected in vte : The vte_sequence_handler_window_manipulation function in vteseq.c in libvte (aka libvte9) in VTE 0.25.1 and earlier, as used in gnome-terminal, does not properly handle escape sequences, which allows remote attackers to execute arbitrary commands or obtain potentially sensitive information via a (1) window title or (2) icon title sequence. NOTE: this issue exists because of a CVE-2003-0070 regression (CVE-2010-2713). The updated packages have been patched to correct this issue.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 48428
    published 2010-08-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=48428
    title Mandriva Linux Security Advisory : vte (MDVSA-2010:161)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_3_VTE-100716.NASL
    description VTE was vulnerable to an old title set+query attack which could be used by remote attackers to execute arbitrary code (CVE-2010-2713).
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 75770
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=75770
    title openSUSE Security Update : vte (openSUSE-SU-2010:0404-1)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-962-1.NASL
    description Janne Snabb discovered that applications using VTE, such as gnome-terminal, did not correctly filter window and icon title request escape codes. If a user were tricked into viewing specially crafted output in their terminal, a remote attacker could execute arbitrary commands with user privileges. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-23
    plugin id 47742
    published 2010-07-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=47742
    title Ubuntu 9.04 / 9.10 / 10.04 LTS : vte vulnerability (USN-962-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_VTE-100715.NASL
    description This update fixes a vulnerability of VTE to an old title set and query attack which could be used by remote attackers to execute arbitrary code. (CVE-2010-2713)
    last seen 2019-02-21
    modified 2013-10-25
    plugin id 51634
    published 2011-01-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=51634
    title SuSE 11.1 Security Update : vte, vte-debuginfo, vte-debugsource, vte-devel, vte-doc, vte-lang (SAT Patch Number 2718)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_9A8FECEF92C011DFB1400015F2DB7BDE.NASL
    description Kees Cook reports : Janne Snabb discovered that applications using VTE, such as gnome-terminal, did not correctly filter window and icon title request escape codes. If a user were tricked into viewing specially crafted output in their terminal, a remote attacker could execute arbitrary commands with user privileges.
    last seen 2019-02-21
    modified 2018-11-21
    plugin id 47752
    published 2010-07-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=47752
    title FreeBSD : vte -- Classic terminal title set+query attack (9a8fecef-92c0-11df-b140-0015f2db7bde)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_2_VTE-100716.NASL
    description VTE was vulnerable to an old title set+query attack which could be used by remote attackers to execute arbitrary code (CVE-2010-2713).
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 47776
    published 2010-07-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=47776
    title openSUSE Security Update : vte (openSUSE-SU-2010:0404-1)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201412-10.NASL
    description The remote host is affected by the vulnerability described in GLSA-201412-10 (Multiple packages, Multiple vulnerabilities fixed in 2012) Vulnerabilities have been discovered in the packages listed below. Please review the CVE identifiers in the Reference section for details. EGroupware VTE Layer Four Traceroute (LFT) Suhosin Slock Ganglia Jabber to GaduGadu Gateway Impact : A context-dependent attacker may be able to gain escalated privileges, execute arbitrary code, cause Denial of Service, obtain sensitive information, or otherwise bypass security restrictions. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2015-04-13
    plugin id 79963
    published 2014-12-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79963
    title GLSA-201412-10 : Multiple packages, Multiple vulnerabilities fixed in 2012
refmap via4
bid 41716
confirm
secunia 40635
suse SUSE-SR:2010:014
ubuntu USN-962-1
vupen ADV-2010-1839
Last major update 09-09-2010 - 01:43
Published 05-08-2010 - 14:17
Back to Top