CVE-2010-2713 - Remote Code Execution vulnerability in VTE Window and Icon Title
Summary
The vte_sequence_handler_window_manipulation function in vteseq.c in libvte (aka libvte9) in VTE 0.25.1 and earlier, as used in gnome-terminal, does not properly handle escape sequences, which allows remote attackers to execute arbitrary commands or obtain potentially sensitive information via a (1) window title or (2) icon title sequence. NOTE: this issue exists because of a CVE-2003-0070 regression. Per: http://cwe.mitre.org/data/definitions/77.html 'CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')'
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 11 |
Application | | 1 |
Nessus
- NASL family: Mandriva Local Security Checks
  NASL id: MANDRIVA_MDVSA-2010-161.NASL
  description: A vulnerability has been found and corrected in vte : The vte_sequence_handler_window_manipulation function in vteseq.c in libvte (aka libvte9) in VTE 0.25.1 and earlier, as used in gnome-terminal, does not properly handle escape sequences, which allows remote attackers to execute arbitrary commands or obtain potentially sensitive information via a (1) window title or (2) icon title sequence. NOTE: this issue exists because of a CVE-2003-0070 regression (CVE-2010-2713). The updated packages have been patched to correct this issue.
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 48428
  published: 2010-08-25
  reporter: This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
  source: https://www.tenable.com/plugins/nessus/48428
  title: Mandriva Linux Security Advisory : vte (MDVSA-2010:161)

- NASL family: Gentoo Local Security Checks
  NASL id: GENTOO_GLSA-201412-10.NASL
  description: The remote host is affected by the vulnerability described in GLSA-201412-10 (Multiple packages, Multiple vulnerabilities fixed in 2012) Vulnerabilities have been discovered in the packages listed below. Please review the CVE identifiers in the Reference section for details. Packages: EGroupware, VTE, Layer Four Traceroute (LFT), Suhosin, Slock, Ganglia, Jabber to GaduGadu Gateway. Impact : A context-dependent attacker may be able to gain escalated privileges, execute arbitrary code, cause Denial of Service, obtain sensitive information, or otherwise bypass security restrictions. Workaround : There is no known workaround at this time.
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 79963
  published: 2014-12-15
  reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
  source: https://www.tenable.com/plugins/nessus/79963
  title: GLSA-201412-10 : Multiple packages, Multiple vulnerabilities fixed in 2012

- NASL family: Ubuntu Local Security Checks
  NASL id: UBUNTU_USN-962-1.NASL
  description: Janne Snabb discovered that applications using VTE, such as gnome-terminal, did not correctly filter window and icon title request escape codes. If a user were tricked into viewing specially crafted output in their terminal, a remote attacker could execute arbitrary commands with user privileges. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 47742
  published: 2010-07-16
  reporter: Ubuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
  source: https://www.tenable.com/plugins/nessus/47742
  title: Ubuntu 9.04 / 9.10 / 10.04 LTS : vte vulnerability (USN-962-1)

- NASL family: SuSE Local Security Checks
  NASL id: SUSE_11_VTE-100715.NASL
  description: This update fixes a vulnerability of VTE to an old title set and query attack which could be used by remote attackers to execute arbitrary code. (CVE-2010-2713)
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 51634
  published: 2011-01-21
  reporter: This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
  source: https://www.tenable.com/plugins/nessus/51634
  title: SuSE 11.1 Security Update : vte, vte-debuginfo, vte-debugsource, vte-devel, vte-doc, vte-lang (SAT Patch Number 2718)

- NASL family: FreeBSD Local Security Checks
  NASL id: FREEBSD_PKG_9A8FECEF92C011DFB1400015F2DB7BDE.NASL
  description: Kees Cook reports : Janne Snabb discovered that applications using VTE, such as gnome-terminal, did not correctly filter window and icon title request escape codes. If a user were tricked into viewing specially crafted output in their terminal, a remote attacker could execute arbitrary commands with user privileges.
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 47752
  published: 2010-07-19
  reporter: This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
  source: https://www.tenable.com/plugins/nessus/47752
  title: FreeBSD : vte -- Classic terminal title set+query attack (9a8fecef-92c0-11df-b140-0015f2db7bde)

- NASL family: SuSE Local Security Checks
  NASL id: SUSE_11_3_VTE-100716.NASL
  description: VTE was vulnerable to an old title set+query attack which could be used by remote attackers to execute arbitrary code (CVE-2010-2713).
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 75770
  published: 2014-06-13
  reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
  source: https://www.tenable.com/plugins/nessus/75770
  title: openSUSE Security Update : vte (openSUSE-SU-2010:0404-1)

- NASL family: SuSE Local Security Checks
  NASL id: SUSE_11_2_VTE-100716.NASL
  description: VTE was vulnerable to an old title set+query attack which could be used by remote attackers to execute arbitrary code (CVE-2010-2713).
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 47776
  published: 2010-07-21
  reporter: This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
  source: https://www.tenable.com/plugins/nessus/47776
  title: openSUSE Security Update : vte (openSUSE-SU-2010:0404-1)
References
- http://git.gnome.org/browse/vte/commit/?id=8b971a7b2c59902914ecbbc3915c45dd21530a91
- http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html
- http://secunia.com/advisories/40635
- http://www.securityfocus.com/bid/41716
- http://www.ubuntu.com/usn/usn-962-1
- http://www.vupen.com/english/advisories/2010/1839
- https://bugzilla.redhat.com/show_bug.cgi?id=613110