OSVDB ID: 84284

Title: mintty Terminal OSC 701 Sequence Arbitrary String Injection

Info

Disclosure

May 21, 2011

Discovery

Unknown

Dates

Exploit

Unknown

Solution

May 21, 2011

Description

mintty contains a flaw related to the Terminal Window. The issue is triggered when an error occurs in the OSC 701 sequence handling that would allow an attacker to inject an arbitrary string and execute it with user privileges.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Upgrade
Exploit: Exploit Unknown
Disclosure: Vendor Verified

Solution

Upgrade to version 0.9.8 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

mintty

mintty

0.9.7

References

Credit

Unknown or Incomplete



Direct URL: http://osvdb.org/84284