Description
The x-man-page: URI handler for Apple Terminal 1.4.4 in Mac OS X 10.3.9 does not cleanse terminal escape sequences, which allows remote attackers to execute arbitrary commands.
Affected products
- Apple / mac_os_x10.3.9 – 10.3.9
- Apple / mac_os_x10.3 – 10.3
- Apple / mac_os_x10.3.1 – 10.3.1
- Apple / mac_os_x10.3.2 – 10.3.2
- Apple / mac_os_x10.3.3 – 10.3.3
- Apple / mac_os_x10.3.4 – 10.3.4
- Apple / mac_os_x10.3.5 – 10.3.5
- Apple / mac_os_x10.3.6 – 10.3.6
- Apple / mac_os_x10.3.7 – 10.3.7
- Apple / mac_os_x10.3.8 – 10.3.8
- Apple / terminal1.4.4 – 1.4.4
References
- MISChttp://remahl.se/david/vuln/011/
- MISChttp://www.securityfocus.com/bid/13480
- MISChttp://www.us-cert.gov/cas/techalerts/TA05-136A.html
- MISChttp://www.osvdb.org/16084
- VENDOR_ADVISORYhttp://secunia.com/advisories/15227
- MISChttp://www.kb.cert.org/vuls/id/356070
- VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2005/0455
- MAILING_LISThttp://lists.apple.com/archives/security-announce/2005/May/msg00001.html