Bug 613110 (CVE-2010-2713)

Summary: CVE-2010-2713 vte: responds to get window title escape sequence request
Product: [Other] Security Response Reporter: Vincent Danen <vdanen>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: high Docs Contact:
Priority: high    
Version: unspecifiedCC: rcvalle, security-response-team, tbzatek
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2011-06-14 17:23:01 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 615045, 615046    
Bug Blocks:    
Attachments:
Description Flags
proposed patch to fix the issue none

Description Vincent Danen 2010-07-09 18:18:18 UTC 
It was reported to Ubuntu that vte regressed the fix for CVE-2003-0070 in the following upstream commit:

http://git.gnome.org/browse/vte/commit/?id=58bc3a942f198a1a8788553ca72c19d7c1702b74

This would allow for an information disclosure of the window title of the gnome-terminal.

This issue does not affect Red Hat Enterprise Linux 5 or earlier, which still replace the contents of the window title with "LTerminal", rather than "l[contents of terminal window]"; as demonstrated with:

$ echo -e "\e[21t"
Comment 1 Vincent Danen 2010-07-09 18:19:28 UTC 
Created attachment 430733 [details]
proposed patch to fix the issue
Comment 3 Vincent Danen 2010-07-14 15:20:56 UTC 
This has been assigned the name CVE-2010-2713.
Comment 5 Vincent Danen 2010-07-15 17:40:48 UTC 
This is now public:

http://git.gnome.org/browse/vte/commit/?id=8b971a7b2c59902914ecbbc3915c45dd21530a91
Comment 9 Vincent Danen 2010-07-15 20:16:19 UTC 
Created vte tracking bugs for this issue

Affects: fedora-all [bug 615046]
Comment 10 Vincent Danen 2011-06-14 17:23:01 UTC 
This was fixed upstream in 0.19.4; currently Fedora has 0.24.1-1.fc13, 0.26.1-1.fc14, and 0.28.0-1.fc15. This has been fixed.