| Release Date | Mar 03, 2010 |
| Severity | Medium |
| Impact | Successful exploitation allows an attacker to execute commands on the affected system, leading to unauthorized disclosure of information and disruption of service. |
| Description | The xterm program is a standard terminal emulator for the X Window System. An input validation vulnerability exists in xterm's handling of Device Control Request Status String (DECRQSS) escape sequences. It allows a malicious user to execute arbitrary shell commands by placing line-feed (LF) characters around a command name inside a DECRQSS escape sequence, delivered in a text file or by creating a log entry. Red Hat has issued an update for xterm for Red Hat Enterprise Linux Versions 3, 4, and 5. |
| Affected Products | xterm before 179-11.EL3 for RHEL3 and Red Hat Desktop (v. 3); xterm before 192-8.el4_7.2 for RHEL4 and Red Hat Desktop (v. 4); xterm before 215-5.el5_2.2 for RHEL5 |
| Recommended Actions | To resolve this vulnerability, upgrade to the latest packages which contain a patch. These are available from the Red Hat Network. Refer to Red Hat security advisory RHSA-2009-0018 to address this issue and obtain further details. |
| Common Vulnerabilities and Exposures (CVE) | http://cve.mitre.org/cgi-bin/cvename.cgi?name=2008-2383 |
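
Because the Description names text files and log entries as the delivery path, one defensive check is to scan such data for device control strings before viewing it in a terminal. The following is an added example, not part of the advisory or of Red Hat's fix: it flags any 7-bit DCS string (ESC P up to ESC \\), the framing that DECRQSS uses, and notes embedded line feeds. The function names and the log lines are constructed for illustration, and the DCS body in the sample is placeholder text rather than a real request.

```python
import re

# 7-bit DCS introducer (ESC P) up to the ST terminator (ESC \) or end of data.
DCS = re.compile(rb"\x1bP(.*?)(\x1b\\|\Z)", re.DOTALL)

def find_dcs(data: bytes):
    """Return one finding per DCS string found in data."""
    findings = []
    for m in DCS.finditer(data):
        body = m.group(1)
        findings.append({
            "line": data.count(b"\n", 0, m.start()) + 1,  # 1-based line of ESC P
            "offset": m.start(),
            "embedded_lf": b"\n" in body,        # LF inside the control string
            "terminated": m.group(2) != b"",     # False if ST never arrives
            "length": len(body),
        })
    return findings

def neutralize(data: bytes) -> str:
    """Render data for display: printable ASCII, LF and TAB pass through,
    every other byte (ESC, other controls, bytes >= 0x7f) becomes \\xNN."""
    out = []
    for b in data:
        if b in (0x09, 0x0A) or 0x20 <= b < 0x7F:
            out.append(chr(b))
        else:
            out.append(f"\\x{b:02x}")
    return "".join(out)

# Constructed sample: three log lines, the second carries a DCS string
# with placeholder content and embedded line feeds.
SAMPLE = (
    b"Mar  3 10:00:01 host sshd[100]: Accepted publickey for alice\n"
    b"Mar  3 10:00:02 host httpd: GET /\x1bPCONSTRUCTED\nPLACEHOLDER\n\x1b\\ 404\n"
    b"Mar  3 10:00:03 host httpd: GET /index.html 200\n"
)

if __name__ == "__main__":
    for f in find_dcs(SAMPLE):
        print(f)
    print(neutralize(SAMPLE))
```

A finding with `embedded_lf` set matches the pattern the Description warns about; `neutralize` gives a copy of the data that can be read without the terminal interpreting any control sequence.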