Mandriva Linux Security Advisory : xterm (MDVSA-2009:005)

This script is Copyright (C) 2009-2015 Tenable Network Security, Inc.


Synopsis :

The remote Mandriva Linux host is missing a security update.

Description :

A vulnerability has been discovered in xterm, which can be exploited
by malicious people to compromise a user's system. The vulnerability
is caused due to xterm not properly processing the DECRQSS Device
Control Request Status String escape sequence. This can be exploited
to inject and execute arbitrary shell commands by e.g. tricking a user
into displaying a malicious text file containing a specially crafted
escape sequence via the more command in xterm (CVE-2008-2383).

The updated packages have been patched to prevent this.

Solution :

Update the affected xterm package.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.1
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: Mandriva Local Security Checks

Nessus Plugin ID: 36977 (mandriva_MDVSA-2009-005.nasl)

Bugtraq ID: 33060

CVE ID: CVE-2008-2383

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now