Bug 613110 (CVE-2010-2713)

Summary: CVE-2010-2713 vte: responds to get window title escape sequence request
Product: [Other] Security Response Reporter: Vincent Danen <vdanen>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: high Docs Contact:
Priority: high    
Version: unspecifiedCC: rcvalle, security-response-team, tbzatek
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2011-06-14 17:23:01 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On: 615045, 615046    
Bug Blocks:    
Description Flags
proposed patch to fix the issue none

Description Vincent Danen 2010-07-09 18:18:18 UTC
It was reported to Ubuntu that vte regressed the fix for CVE-2003-0070 in the following upstream commit:


This would allow for an information disclosure of the window title of the gnome-terminal.

This issue does not affect Red Hat Enterprise Linux 5 or earlier, which still replace the contents of the window title with "LTerminal", rather than "l[contents of terminal window]"; as demonstrated with:

$ echo -e "\e[21t"

Comment 1 Vincent Danen 2010-07-09 18:19:28 UTC
Created attachment 430733 [details]
proposed patch to fix the issue

Comment 3 Vincent Danen 2010-07-14 15:20:56 UTC
This has been assigned the name CVE-2010-2713.

Comment 9 Vincent Danen 2010-07-15 20:16:19 UTC
Created vte tracking bugs for this issue

Affects: fedora-all [bug 615046]

Comment 10 Vincent Danen 2011-06-14 17:23:01 UTC
This was fixed upstream in 0.19.4; currently Fedora has 0.24.1-1.fc13, 0.26.1-1.fc14, and 0.28.0-1.fc15. This has been fixed.