Описание
xterm before 375 allows code execution via font ops, e.g., because an OSC 50 response may have Ctrl-g and therefore lead to command execution within the vi line-editing mode of Zsh. NOTE: font ops are not allowed in the xterm default configurations of some Linux distributions.
A flaw was found in xterm. This issue may allow code execution via font ops.
Отчет
This issue is marked as moderate because the Red Hat Enterprise Linux 6, 7, 8, and 9, as the xterm package is currently provided with allowWindowOps and allowFontOps resources to false by default that can protect from remote code execution and downgrade the attack surface.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | xterm | Not affected | ||
| Red Hat Enterprise Linux 7 | xterm | Not affected | ||
| Red Hat Enterprise Linux 8 | cockpit | Not affected | ||
| Red Hat Enterprise Linux 8 | cockpit-appstream | Not affected | ||
| Red Hat Enterprise Linux 8 | cockpit-session-recording | Not affected | ||
| Red Hat Enterprise Linux 8 | container-tools:3.0/cockpit-podman | Not affected | ||
| Red Hat Enterprise Linux 8 | container-tools:4.0/cockpit-podman | Not affected | ||
| Red Hat Enterprise Linux 8 | container-tools:rhel8/cockpit-podman | Not affected | ||
| Red Hat Enterprise Linux 8 | xterm | Will not fix | ||
| Red Hat Enterprise Linux 9 | cockpit | Not affected |
Показывать по
Дополнительная информация
Статус:
EPSS
7.4 High
CVSS3
Связанные уязвимости
xterm before 375 allows code execution via font ops, e.g., because an OSC 50 response may have Ctrl-g and therefore lead to command execution within the vi line-editing mode of Zsh. NOTE: font ops are not allowed in the xterm default configurations of some Linux distributions.
xterm before 375 allows code execution via font ops, e.g., because an OSC 50 response may have Ctrl-g and therefore lead to command execution within the vi line-editing mode of Zsh. NOTE: font ops are not allowed in the xterm default configurations of some Linux distributions.
xterm before 375 allows code execution via font ops e.g. because an OSC 50 response may have Ctrl-g and therefore lead to command execution within the vi line-editing mode of Zsh. NOTE: font ops are not allowed in the xterm default configurations of some Linux distributions.
xterm before 375 allows code execution via font ops, e.g., because an ...
EPSS
7.4 High
CVSS3