Vulnerabilities > CVE-2003-0022 - Unspecified vulnerability in Rxvt

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
rxvt
nessus

Summary

The "screen dump" feature in rxvt 2.7.8 allows attackers to overwrite arbitrary files via a certain character escape sequence when it is echoed to a user's terminal, e.g. when the user views a file containing the malicious sequence.

Nessus

  • NASL familyMandriva Local Security Checks
    NASL idMANDRAKE_MDKSA-2003-034.NASL
    descriptionDigital Defense Inc. released a paper detailing insecurities in various terminal emulators, including rxvt. Many of the features supported by these programs can be abused when untrusted data is displayed on the screen. This abuse can be anything from garbage data being displayed to the screen or a system compromise.
    last seen2020-06-01
    modified2020-06-02
    plugin id14018
    published2004-07-31
    reporterThis script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/14018
    titleMandrake Linux Security Advisory : rxvt (MDKSA-2003:034)
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Mandrake Linux Security Advisory MDKSA-2003:034. 
    # The text itself is copyright (C) Mandriva S.A.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(14018);
      script_version ("1.19");
      script_cvs_date("Date: 2019/08/02 13:32:46");
    
      script_cve_id("CVE-2003-0022", "CVE-2003-0023", "CVE-2003-0066");
      script_xref(name:"MDKSA", value:"2003:034");
    
      script_name(english:"Mandrake Linux Security Advisory : rxvt (MDKSA-2003:034)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Mandrake Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Digital Defense Inc. released a paper detailing insecurities in
    various terminal emulators, including rxvt. Many of the features
    supported by these programs can be abused when untrusted data is
    displayed on the screen. This abuse can be anything from garbage data
    being displayed to the screen or a system compromise."
      );
      # http://marc.theaimsgroup.com/?l=bugtraq&m=104612710031920&w=2
      script_set_attribute(
        attribute:"see_also",
        value:"https://marc.info/?l=bugtraq&m=104612710031920&w=2"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected rxvt, rxvt-CJK and / or rxvt-devel packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:rxvt");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:rxvt-CJK");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:rxvt-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:8.2");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:9.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:9.1");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2003/03/25");
      script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/31");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
      script_family(english:"Mandriva Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
    if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"MDK8.2", cpu:"i386", reference:"rxvt-2.7.8-6.1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK8.2", cpu:"i386", reference:"rxvt-CJK-2.7.8-6.1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK8.2", cpu:"i386", reference:"rxvt-devel-2.7.8-6.1mdk", yank:"mdk")) flag++;
    
    if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"rxvt-2.7.8-6.1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"rxvt-CJK-2.7.8-6.1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"rxvt-devel-2.7.8-6.1mdk", yank:"mdk")) flag++;
    
    if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"rxvt-2.7.8-6.1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"rxvt-CJK-2.7.8-6.1mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"rxvt-devel-2.7.8-6.1mdk", yank:"mdk")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2003-055.NASL
    descriptionUpdated rxvt packages are available which fix a number of vulnerabilities in the handling of escape sequences. [Updated 12 March 2003] Added packages for Red Hat Enterprise Linux ES and Red Hat Enterprise Linux WS Rxvt is a color VT102 terminal emulator for the X Window System. A number of issues have been found in the escape sequence handling of Rxvt. These could be potentially exploited if an attacker can cause carefully crafted escape sequences to be displayed on an rxvt terminal being used by their victim. One of the features which most terminal emulators support is the ability for the shell to set the title of the window using an escape sequence. Certain xterm variants, including rxvt, also provide an escape sequence for reporting the current window title. This essentially takes the current title and places it directly on the command line. Since it is not possible to embed a carriage return into the window title itself, the attacker would have to convince the victim to press the Enter key for the title to be processed as a command, although the attacker can perform a number of actions to increase the likelihood of this happening. A certain escape sequence when displayed in rxvt will create an arbitrary file. It is possible to add malicious items to the dynamic menus through an escape sequence. Users of Rxvt are advised to upgrade to these errata packages which contain a patch to disable the title reporting functionality and patches to correct the other issues. Red Hat would like to thank H D Moore for bringing these issues to our attention.
    last seen2020-06-01
    modified2020-06-02
    plugin id12365
    published2004-07-06
    reporterThis script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/12365
    titleRHEL 2.1 : rxvt (RHSA-2003:055)

Redhat

advisories
  • rhsa
    idRHSA-2003:054
  • rhsa
    idRHSA-2003:055