Jouni Tulkki wrote (in a message from Sunday 2)
> According the following paper, there is a remote exploit possible when
> using xterm, if I understood it right. Is this true?
>
> Here is the location of the paper:
> http://www.digitaldefense.net/labs/papers/Termulation.txt
>
It's not false, but I'm not sure if it's possible in the real world.
The attacker needs a way to have an user cat the file containing the
malicious sequences directly to xterm. Most applications (mail,
more/less, etc) will filter out these sequences. Moreover as
mentionned in the paper, no return can be embedded in xterm's
title. So the malicious file needs a way (social attack) to get the
user to validate the command.
Anyways, the new resource AllowWindowsOps in xterm #174, as shipped
with XFree86 4.3.0 allows to disable all this potentially dangerous
escape sequences if they're a concern for you.
This xterm version does also include a fix for the DEC UDK issue
described in the paper you cite.
Matthieu
_______________________________________________
XFree86 mailing list
[EMAIL PROTECTED]
http://XFree86.Org/mailman/listinfo/xfree86
