Bug 12647 - vte: CVE-2012-2738: DoS
Status: NEW
Product: Maemo 5 Community SSU
general
: testing
: N900 Maemo
: Unspecified minor (vote)
: ---
Assigned To: unassigned
: general
Reported: 2012-08-10 16:02 UTC by Andre Klapper
Modified: 2012-08-10 16:02 UTC (History)
Description Andre Klapper (reporter) maemo.org 2012-08-10 16:02:47 UTC
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2738
allows remote authenticated users to cause a denial of service (long loop and
CPU consumption) via an escape sequence with a large repeat count value. 

See https://bugzilla.gnome.org/show_bug.cgi?id=676090 and the related commits
http://git.gnome.org/browse/vte/commit/?h=vte-0-32&id=98ce2f265f986fb88c38d508286bb5e3716b9e74
http://git.gnome.org/browse/vte/commit/?h=vte-0-32&id=feeee4b5832b17641e505b7083e0d299fdae318e

Looking at http://gitorious.org/community-ssu/vte/blobs/master/src/vteseq.c I
see some changes in the code, so applying this won't be totally
straightforward.


<andre__> somebody please tell me if I should file a ticket
<freemangordon> BTW openssh is in extras, not CSSU material aiui
<DocScrutinizer05> andre__: denial of service or privilege escalation?
<DocScrutinizer05> DOS is "harmless"
<andre__> you can probably judge it way better than I can
<DocScrutinizer05> file it please
<DocScrutinizer05> we can triage later
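
The failure mode quoted in the description (an escape-sequence repeat count driving a long loop) and one way to bound it, as an added example that is not the vte patch or code from this bug. All function names, the fallback cap and the choice of rows x cols as the limit are assumptions made for illustration.

```c
#include <limits.h>
#include <stdio.h>

/* Hypothetical names throughout; this is not vte's code. */
#define MAX_REPEAT_FALLBACK 1024L   /* assumed cap when the screen size is unknown */

/* Parse a NUL-terminated decimal parameter; saturate at LONG_MAX instead of
 * overflowing, return -1 if any non-digit is present. Empty string parses as 0. */
long parse_param_saturating(const char *s)
{
    long v = 0;
    for (; *s; s++) {
        if (*s < '0' || *s > '9')
            return -1;
        int d = *s - '0';
        v = (v > (LONG_MAX - d) / 10) ? LONG_MAX : v * 10 + d;
    }
    return v;
}

/* Bound a repeat count by the number of screen cells: repeating more often
 * than that cannot change what is displayed, it only burns CPU. */
long clamp_repeat(long requested, long rows, long cols)
{
    long cap = MAX_REPEAT_FALLBACK;
    if (rows > 0 && cols > 0 && rows <= LONG_MAX / cols)
        cap = rows * cols;
    if (requested < 1)
        return 1;                   /* absent or zero parameter means "once" */
    return requested > cap ? cap : requested;
}

/* Run op at most clamp_repeat() times; returns the number of iterations run,
 * or 0 if the parameter was malformed and the sequence was ignored. */
long repeat_bounded(void (*op)(void *), void *ctx, const char *param,
                    long rows, long cols)
{
    long n = parse_param_saturating(param);
    if (n < 0)
        return 0;
    n = clamp_repeat(n, rows, cols);
    for (long i = 0; i < n; i++)
        op(ctx);
    return n;
}

/* Sample operation: counts how often it was invoked. */
void count_op(void *ctx) { ++*(long *)ctx; }

int main(void)
{
    long hits = 0;  /* constructed input: oversized count on a 24x80 screen */
    printf("%ld\n", repeat_bounded(count_op, &hits, "4000000000", 24, 80));
    return 0;
}
```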