Summary
The remote host is missing an update to xterm announced via advisory MDVSA-2009:005.
Solution
To upgrade automatically, use MandrakeUpdate or urpmi. The verification of MD5 checksums and GPG signatures is performed automatically for you.
https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:005
Insight
A vulnerability has been discovered in xterm, which can be exploited by malicious people to compromise a user's system. The vulnerability is due to xterm not properly processing the DECRQSS (Device Control Request Status String) escape sequence. This can be exploited to inject and execute arbitrary shell commands, for example by tricking a user into displaying a malicious text file containing a specially crafted escape sequence via the more command in xterm (CVE-2008-2383).
The updated packages have been patched to prevent this.
Affected: 2008.0, 2008.1, 2009.0, Corporate 3.0, Corporate 4.0
Severity
Classification
CVE: CVE-2008-2383
CVSS Base Score: 9.3
CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C