FreeBSD : vte -- Classic terminal title set+query attack (9a8fecef-92c0-11df-b140-0015f2db7bde)
Medium Nessus Plugin ID 47752
SynopsisThe remote FreeBSD host is missing a security-related update.
DescriptionKees Cook reports :
Janne Snabb discovered that applications using VTE, such as gnome-terminal, did not correctly filter window and icon title request escape codes. If a user were tricked into viewing specially crafted output in their terminal, a remote attacker could execute arbitrary commands with user privileges.
SolutionUpdate the affected package.