
Xfce Terminal: Remote arbitrary code execution


1.  Gentoo Linux Security Advisory

Version Information

Advisory Reference: GLSA 200708-07 / terminal
Release Date: August 11, 2007
Latest Revision: July 12, 2008: 02
Impact: normal
Exploitable: remote

Package: x11-terms/terminal
Vulnerable versions: < 0.2.6_p25931
Unaffected versions: >= 0.2.6_p25931
Architecture(s): All supported architectures

Related bugreports: #184886


A vulnerability has been discovered in the Xfce Terminal program, allowing for the remote execution of arbitrary code.

2.  Impact Information


Xfce Terminal is a console tool for the Xfce desktop environment.


Lasse Karkkainen discovered that the function terminal_helper_execute() in file terminal-helper.c does not properly escape the URIs before processing.


A remote attacker could entice a user to open a specially crafted link, possibly leading to the remote execution of arbitrary code with the privileges of the user running Xfce Terminal. Note that the exploit code depends on the browser used to open the crafted link.
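The class of fix for the unescaped-URI handling described above, as an added example that is not Xfce Terminal's code and not the actual patch. It assumes a helper command template with a %s placeholder whose expanded result is later parsed by a POSIX shell; the names shell_quote, build_helper_command and the helper "browser" are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* POSIX sh quoting: wrap in '...' and rewrite each embedded ' as '\''. */
char *shell_quote(const char *s)
{
    size_t n = 3;                       /* two quotes + NUL */
    for (const char *p = s; *p; p++)
        n += (*p == '\'') ? 4 : 1;
    char *out = malloc(n), *q = out;
    if (!out)
        return NULL;
    *q++ = '\'';
    for (const char *p = s; *p; p++) {
        if (*p != '\'') { *q++ = *p; continue; }
        memcpy(q, "'\\''", 4);          /* close, escaped quote, reopen */
        q += 4;
    }
    *q++ = '\'';
    *q = '\0';
    return out;
}

/* Expand the first "%s" of tmpl with the quoted URI (template syntax assumed). */
char *build_helper_command(const char *tmpl, const char *uri)
{
    const char *slot = strstr(tmpl, "%s");
    char *quoted = shell_quote(uri);
    if (!slot || !quoted) {
        free(quoted);
        return NULL;
    }
    size_t head = (size_t)(slot - tmpl);
    size_t len = head + strlen(quoted) + strlen(slot + 2) + 1;
    char *cmd = malloc(len);
    if (cmd)
        snprintf(cmd, len, "%.*s%s%s", (int)head, tmpl, quoted, slot + 2);
    free(quoted);
    return cmd;
}

int main(void)
{
    /* Constructed URI carrying a quote and a command separator. */
    char *cmd = build_helper_command("browser %s", "http://example.test/a'b;c");
    puts(cmd ? cmd : "(error)");
    free(cmd);
    return 0;
}
```

Passing the URI as its own argv element to an exec-family call avoids shell parsing altogether and is preferable where the helper does not need a shell.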

3.  Resolution Information


There is no known workaround at this time.


All Xfce Terminal users should upgrade to the latest version:

Code Listing 3.1: Resolution

# emerge --sync
# emerge --ask --oneshot --verbose ">=x11-terms/terminal-0.2.6_p25931"

4.  References


Page updated August 11, 2007
