PuTTY vulnerability vuln-window-title
This is a mirror. The primary PuTTY web site can be found
here.
Home |
Licence |
FAQ |
Docs |
Download |
Keys |
Links
Mirrors |
Updates |
Feedback |
Changes |
Wishlist |
Team
summary: Window title reports offer opportunities for mischief
class: vulnerability: This is a security vulnerability.
difficulty: fun: Just needs tuits, and not many of them.
priority: high: This should be fixed in the next release.
absent-in: 0.52 2001-11-24
present-in: 0.53 0.53b
fixed-in: 2003-04-13 (0.54) (0.55) (0.56) (0.57) (0.58) (0.59) (0.60)
It's been
suggested that window-title reports might be a bad idea, since they
allow anyone who can generate arbitrary output to a terminal to cause
almost-arbitrary input from it. The various other terminal reports
supported by PuTTY are less of a problem because their formats are rather
more constrained.
PuTTY should probably make window-title reporting support optional and have
it default to off.
This vulnerability corresponds to
CVE-2003-0069
.
SGT, 2003-04-12: Just fixed this.
Audit trail for this vulnerability.
If you want to comment on this web site, see the
Feedback page.
(last revision of this bug record was at 2004-11-16 15:27:00 +0000)
mirror powered by triplemind.com - Web directory, Ferienwohnung Berlin, Last Minute Reisen, Language schools in Spain, Pension Dresden Hotel, Markisen Sonnenschutz Plissees, Kreuzfahrten, Routenplaner, Sofort online, Fliegen, Ferienwohnung Harz, Newsletter Software, Ferienhäuser, weltweit Sprachreisen, Webdesign Homepage erstellen, Wellness Bayern Bewerbung Geld verdienen