Hi folks, today I found around the corner a huge XTerm code injection.
The DECRQSS (Device Control Request Status String) sequence, “DCS $ q”, simply echoes
(responds with) invalid commands, and the terminal delivers that response as input, as if the user had typed it.

Exploitability is the same as for the “window title reporting” issue
in DSA-380: include the DCS string in an email message to the victim,
or arrange to have it in syslog to be viewed by root.

So for example:
perl -e 'print "\eP\$q\nnetstat\n\e\\"' > bla.log
cat bla.log
Displaying the file with cat in a vulnerable xterm would run the “netstat” command.
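
A defensive check for the issue described above, as an added example that is not part of the original post: it scans log data for DCS strings whose body starts with $q (the DECRQSS request) and renders control bytes visibly before the data reaches a terminal. The function names and the sample log are constructed for illustration.

```python
import re

# DCS introducer: 7-bit "ESC P" or 8-bit C1 0x90. String terminator (ST):
# "ESC \" or 0x9c. End of input also closes a match, so a truncated
# sequence is still reported.
DCS_RE = re.compile(rb"(?:\x1bP|\x90)(.*?)(?:\x1b\\|\x9c|\Z)", re.DOTALL)

# Constructed sample: a syslog-style excerpt with one embedded DECRQSS
# request carrying the placeholder text "CMD".
SAMPLE_LOG = (
    b"Jan  1 00:00:01 host sshd[100]: session opened\n"
    b"Jan  1 00:00:02 host app: bad user \x1bP$q\nCMD\n\x1b\\\n"
    b"Jan  1 00:00:03 host sshd[100]: session closed\n"
)


def find_decrqss(data: bytes) -> list[tuple[int, bytes]]:
    """Return (offset, request body) for each DCS string starting with $q."""
    return [
        (m.start(), m.group(1)[2:])
        for m in DCS_RE.finditer(data)
        if m.group(1).startswith(b"$q")
    ]


def neutralize(data: bytes) -> str:
    """Render bytes so no control sequence reaches the terminal.

    Newline, tab and printable ASCII pass through; every other byte is
    shown as \\xNN. This also escapes non-ASCII text, which is the safe
    choice when the encoding of the log is unknown.
    """
    out = []
    for b in data:
        if b in (0x09, 0x0A) or 0x20 <= b < 0x7F:
            out.append(chr(b))
        else:
            out.append(f"\\x{b:02x}")
    return "".join(out)


if __name__ == "__main__":
    for offset, body in find_decrqss(SAMPLE_LOG):
        print(f"DECRQSS request at byte {offset}: {body!r}")
    print(neutralize(SAMPLE_LOG), end="")
```

Viewing untrusted logs through a filter of this kind (or `cat -v`) keeps the escape byte from reaching the terminal's parser regardless of which terminal emulator is in use.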

3 thoughts on “ Huge XTERM vulnerability. ”


  2. Thanks a lot for publishing this vulnerability, Marco. I just removed xterm and installed xfce-terminal instead, to safely cat.
