Apple Mac OS X Terminal Window Title Escape Sequence Command Execution Vulnerability
BID:13503
Info
Apple Mac OS X Terminal Window Title Escape Sequence Command Execution Vulnerability
| Bugtraq ID: | 13503 |
| Class: | Input Validation Error |
| CVE: |
CVE-2005-1341 |
| Remote: | No |
| Local: | Yes |
| Published: | May 03 2005 12:00AM |
| Updated: | Jul 12 2009 02:06PM |
| Credit: | Discovery of this issue is credited to David Remahl. |
| Vulnerable: |
Apple Mac OS X Server 10.3.9 Apple Mac OS X Server 10.3.8 Apple Mac OS X Server 10.3.7 Apple Mac OS X Server 10.3.6 Apple Mac OS X Server 10.3.5 Apple Mac OS X Server 10.3.4 Apple Mac OS X Server 10.3.3 Apple Mac OS X Server 10.3.2 Apple Mac OS X Server 10.3.1 Apple Mac OS X Server 10.3 Apple Mac OS X 10.3.9 Apple Mac OS X 10.3.8 Apple Mac OS X 10.3.7 Apple Mac OS X 10.3.6 Apple Mac OS X 10.3.5 Apple Mac OS X 10.3.4 Apple Mac OS X 10.3.3 Apple Mac OS X 10.3.2 Apple Mac OS X 10.3.1 Apple Mac OS X 10.3 |
| Not Vulnerable: | |
Discussion
Apple Mac OS X Terminal Window Title Escape Sequence Command Execution Vulnerability
Apple Mac OS X Terminal is reported prone to an input validation vulnerability.
Apple Terminal window title feature may be abused to execute arbitrary commands on a system running the vulnerable software.
It is possible to exploit this issue if an attacker can cause malicious escape sequences to be displayed in a terminal window of the vulnerable terminal.
Apple Mac OS X Terminal is reported prone to an input validation vulnerability.
Apple Terminal window title feature may be abused to execute arbitrary commands on a system running the vulnerable software.
It is possible to exploit this issue if an attacker can cause malicious escape sequences to be displayed in a terminal window of the vulnerable terminal.
Exploit / POC
Apple Mac OS X Terminal Window Title Escape Sequence Command Execution Vulnerability
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution / Fix
Apple Mac OS X Terminal Window Title Escape Sequence Command Execution Vulnerability
Solution:
Apple has released advisory (APPLE-SA-2005-05-03) to address this and other issues. Please see the referenced advisory for more information.
Apple Mac OS X 10.3.9
Apple Mac OS X Server 10.3.9
Solution:
Apple has released advisory (APPLE-SA-2005-05-03) to address this and other issues. Please see the referenced advisory for more information.
Apple Mac OS X 10.3.9
-
Apple SecUpd2005-005Pan.dmg
http://www.apple.com/support/downloads/securityupdate2005005client.htm l
Apple Mac OS X Server 10.3.9
-
Apple SecUpdSrvr2005-005Pan.dmg
http://www.apple.com/support/downloads/securityupdate2005005server.htm l
References
Apple Mac OS X Terminal Window Title Escape Sequence Command Execution Vulnerability
References:
References:
- Mac OS X terminal emulators allow reading and writing of window title through es (David Remahl)
- Vendor Home Page (Apple)
- Advisories for 4 vulnerabilities addressed by Apple SU 2005-005 (David Remahl
)