Note: This is an archival copy of Security Sun Alert 254208 as previously published on http://sunsolve.sun.com.
The latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1020206.1.
Date of Resolved Release
A Security Vulnerability in the xterm(1) program delivered with OpenSolaris Involving the Parsing of Device Control Request Status String (DECRQSS) Sequences May Lead to Execution of Arbitrary Code
A security vulnerability in the xterm(1) program delivered with OpenSolaris related to the interpretation of certain Device Control Request Status String (DECRQSS) sequences may allow unprivileged local or remote users to execute arbitrary code with the privileges of the user running xterm(1).
This issue is described in the following document:
CVE-2008-2383 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2383
2. Contributing Factors
This issue can occur in the following releases:
An OpenSolaris distribution may include additional bug fixes above and beyond the build from which it was derived. The base build can be derived as follows:
$ uname -v
There are no predictable symptoms to indicate that the described issue has been exploited to execute arbitrary code.
There is no workaround for this issue. Please see the "Resolution" section below.
This issue is addressed in the following releases:
For more information on Security Sun Alerts, see 1009886.1.
Copyright 2000-2009 Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, CA 95054 U.S.A. All rights reserved.