|Secunia||Mosh Escape Sequence Denial of Service Vulnerability|
|23rd May, 2012 10:31|
Location: Copenhagen, DK
A vulnerability has been reported in Mosh, which can be exploited by malicious users to cause a DoS (Denial of Service).
The vulnerability is caused due to an error within mosh-server when processing commands and can be exploited to pass control characters to the server and trigger an endless loop.
|keithwinstein||RE: Mosh Escape Sequence Denial of Service Vulnerability|
|23rd May, 2012 10:31|
User Since: 23rd May 2012
Last edited on 23rd May, 2012 10:31
Thank you for this opportunity to comment.
This bug relates to inefficient processing of some ANSI escape sequences by the Mosh terminal emulator.
An application or mosh-server can send a large value as the "repeat count" of an ANSI escape sequence, causing the mosh-server or mosh-client to spend a lot of CPU time interpreting a short ANSI escape sequence.
Because these applications are already trusted, this is not a security vulnerability per se. For example, the application is also able to shut off the user's keyboard with an ANSI escape sequence -- also not a security vulnerability. It's not exploitable by other users, it is not an error in the mosh-server, and it cannot be exploited to pass control characters to the server to cause an endless loop.
Mosh 1.2.1 will contain code to avoid spending all this CPU time by ignoring nonsensical repeat counts. But in general, any terminal emulator must trust the application, since the application decides what should be on the screen. If it wants to fill the screen with garbage or send a lot of beeps or turn off the user's keyboard, most terminal emulators will do what the application asks. These are matters of discretion and are not security vulnerabilities. (Similarly, the mosh-client must trust the mosh-server to decide what is on the screen and whether to accept user input.)
We have suggested this text as the issue description:
Mosh versions 1.2 and earlier allow an application to cause the mosh-server to consume large amounts of CPU time with a short ANSI escape sequence. In addition, a malicious mosh-server can cause the mosh-client to consume large amounts of CPU time with a short ANSI escape sequence. This arises because there was no limit on the value of the "repeat" parameter in some ANSI escape sequences, so even large and nonsensical values would be interpreted by Mosh's terminal emulator.
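One way a terminal emulator can bound the cost of a "repeat" parameter, shown as an added example that is not Mosh's code and not part of either post above. The choice of the ICH sequence (CSI Pn @), the 65535 cap and every name in it are assumptions made for illustration.

```cpp
#include <algorithm>
#include <cstddef>
#include <iostream>
#include <string>
#include <vector>

constexpr int kMaxParam = 65535;  // assumed cap: larger than any real screen dimension

// Parse the decimal parameter of "ESC [ Pn <final>" with saturation, so a long
// digit string can neither overflow int nor produce a huge count.
// A missing or zero parameter means 1, the ECMA-48 default for counts.
int parse_count(const std::string& digits) {
    int value = 0;
    for (char c : digits) {
        if (c < '0' || c > '9') break;
        value = std::min(kMaxParam, value * 10 + (c - '0'));
    }
    return value == 0 ? 1 : value;
}

struct Row {
    std::vector<char> cells;
    std::size_t cursor = 0;
    std::size_t work = 0;  // cell writes performed, to make the cost visible
};

// ICH (CSI Pn @): insert `count` blanks at the cursor, shifting the rest right.
// The count is clamped to the cells right of the cursor: any larger value gives
// the same row, so the work is bounded by the row width, not by the parameter.
void insert_blanks(Row& row, int count) {
    if (count < 1 || row.cursor >= row.cells.size()) return;
    const std::size_t room = row.cells.size() - row.cursor;
    const std::size_t n = std::min(static_cast<std::size_t>(count), room);
    for (std::size_t i = row.cells.size(); i-- > row.cursor + n;) { row.cells[i] = row.cells[i - n]; ++row.work; }
    for (std::size_t i = row.cursor; i < row.cursor + n; ++i) { row.cells[i] = ' '; ++row.work; }
}

// Apply one ICH sequence, given as its raw parameter text, to a one-row screen.
Row apply_ich(const std::string& text, std::size_t cursor, const std::string& param) {
    Row row;
    row.cells.assign(text.begin(), text.end());
    row.cursor = cursor;
    insert_blanks(row, parse_count(param));
    return row;
}

std::string text_of(const Row& r) { return std::string(r.cells.begin(), r.cells.end()); }

int main() {
    Row r = apply_ich("abcdefgh", 2, "99999999999999999999");  // constructed input
    std::cout << '[' << text_of(r) << "] cell writes: " << r.work << '\n';
}
```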