Secunia SmallBusiness
Overview
Advisories
Research
Forums
Create Profile
Our Commitment
Database
Search
Advisories by Product
Advisories by Vendor
Terminology
Report Vulnerability
Insecure Library Loading

Secunia Advisory SA49260

Mosh Escape Sequence Denial of Service Vulnerability
Secunia Advisory SA49260
Secunia VIM 4.0 - Free Trial
Release Date 2012-05-22
Last Update 2012-07-04
   
Popularity 1,001 view
Comments 1 comment

Criticality level Less criticalLess critical
Impact DoS
Where From remote
Authentication level This information is available to Secunia VIM customers
   
Report reliability This information is available to Secunia VIM customers
Solution Status Vendor Workaround
   
Systems affected This information is available to Secunia VIM customers
Approve distribution This information is available to Secunia VIM customers
   
Software:
Mosh 1.x
Secunia CVSS Score This information is available to Secunia VIM Customers
CVE Reference(s) CVE-2012-2385 CVSS score available to Secunia VIM customers
  

Description

A vulnerability has been reported in Mosh, which can be exploited by malicious users to cause a DoS (Denial of Service).

The vulnerability is caused due to an error within mosh-server when processing commands and can be exploited to pass control characters to the server and trigger an endless loop.


Solution
Fixed in the GIT repository.

Provided and/or discovered by
Timo Juhani Lindfors in a bug report.

Changelog
Further details available to Secunia VIM customers

Original Advisory
https://github.com/keithw/mosh/issues/271

Other references
Further details available to Secunia VIM customers

Deep Links
Links available to Secunia VIM customers


Do you have additional information related to this advisory?

Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this information to vuln@secunia.com

Subject: Mosh Escape Sequence Denial of Service Vulnerability
 
User Message
keithwinstein RE: Mosh Escape Sequence Denial of Service Vulnerability
Member 23rd May, 2012 10:31
Score: 0
Posts: 1
User Since: 23rd May 2012
System Score: N/A
Location: US
Last edited on 23rd May, 2012 10:31		 Thank you for this opportunity to comment.

This bug relates to inefficient processing of some ANSI escape sequences by the Mosh terminal emulator.

An application or mosh-server can send a large value as the "repeat count" of an ANSI escape sequence, causing the mosh-server or mosh-client to spend a lot of CPU time interpreting a short ANSI escape sequence.

Because these applications are already trusted, this is not a security vulnerability per se. For example, the application is also able to shut off the user's keyboard with an ANSI escape sequence -- also not a security vulnerability. It's not exploitable by other users, it is not an error in the mosh-server, and it cannot be exploited to pass control characters to the server to cause an endless loop.

Mosh 1.2.1 will contain code to avoid spending all this CPU time by ignoring nonsensical repeat counts. But in general, any terminal emulator must trust the application, since the application decides what should be on the screen. If it wants to fill the screen with garbage or send a lot of beeps or turn off the user's keyboard, most terminal emulators will do what the applicaiton asks. These are matters of discretion and are not security vulnerabilities. (Similarly, the mosh-client must trust the mosh-server to decide what is on the screen and whether to accept user input.)

We have suggested this text as the issue description:

===
Mosh versions 1.2 and earlier allow an application to cause the mosh-server to consume large amounts of CPU time with a short ANSI escape sequence. In addition, a malicious mosh-server can cause the mosh-client to consume large amounts of CPU time with a short ANSI escape sequence. This arises because there was no limit on the value of the "repeat" parameter in some ANSI escape sequences, so even large and nonsensical values would be interpreted by Mosh's terminal emulator.
===

Thank you,
Keith Winstein
Mosh project
Was this reply relevant?
+0
-0

-

You must be logged in to post a comment.



 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Factsheets
Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom
 
© 2002-2013 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability