codela.blogg.se - Windows terminal emulators

The Wterm Terminal Emulator v.6.2.9 Wterm is a color VT102 terminal emulator for the X Window System.

Includes phonebook, scrollback, capture, X/Y/Zmodem, Kermit, ANSI (+ music) / Avatar / VT102 / Linux emulation, Unicode, and keyboard macros.

Qodem Terminal Emulator v.0.3.2 Qodem is a a terminal emulator that resembles the BBS-era Qmodem.

Various character sets and encodings in the.

Mlterm(Multi Lingual TERMinal emulator) v.3.1.1 mlterm is a multi-lingual terminal emulator, which supports.

Icephis is written in C and "compile-time configurable" like evilvte,īut with well-ordered source code so that users can make customized one.

Icephis Terminal Emulator v.0.5.4 Icephis is a VTE-based terminal emulator.

The extensive details of the exploitation of these attack paths can be read in the article Don't Trust This Title: Abusing Terminal Emulators with ANSI Escape Characters.

XSHELL: Vulnerability CVE-2021-42095 can freeze the entire machine, fixed in version 7.0.0.76.

ZOC: Vulnerability CVE-2021-32198 the app can be frozen, no fix.

Git: Uses MinTTY, fixed in version 2.30.1.

MinTTY (and Cygwin): Vulnerability CVE-2021-28848 can cause the entire machine to freeze, fixed in version 3.4.6.

MobaXterm: Vulnerability CVE-2021-28847 lässt sich die App einfrieren, korrigiert in Version 21.0 Preview 3.

PuTTY: Vulnerability CVE-2021-33500 can cause the entire machine to freeze, fixed in version 0.75.

Vulnerabilities in terminal emulators, source: CyberArcĪt the end of the day, the following terminal emulators (and some browsers) could be attacked: Here is the list of CVEs of the discovered vulnerabilities

With minor modifications, the remote DoS attacks could be driven. The details of the investigation into customizing the title of Teminal emulator windows via ANSI escape control characters were downright shocking.

A way to bypass the bracket insertion mode mechanism within Terminals was found.

An ANSI escape character injection vulnerability in OpenShift and Kubernetes ( CVE-2021-25743).

Security researchers have found a way to remotely cause a DoS (Denial of Service) on the terminal client host.

At the end of the day, the following findings were available: After investigating the issue, Eviatar Gerz found that many terminal emulators under Windows could be attacked and crashed via ANSI escape characters.