Follow @discotekdotca
CVE-2003-0063
Current Description
The xterm terminal emulator in XFree86 4.2.0 and earlier allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands.
| Referenced by CVEs: | CVE-2008-2383, CVE-2015-8971 |
Basic Data
| Published | March 03, 2003 |
|---|---|
| Last Modified | October 18, 2016 |
| Assigner | cve@mitre.org |
| Data Type | CVE |
| Data Format | MITRE |
| Data Version | 4.0 |
| Problem Type | NVD-CWE-Other |
| CVE Data Version | 4.0 |
Base Metric V2
| CVSS 2 - Version | 2.0 |
|---|---|
| CVSS 2 - Vector String | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| CVSS 2 - Access Vector | NETWORK |
| CVSS 2 - Access Complexity | LOW |
| CVSS 2 - Authentication | NONE |
| CVSS 2 - Confidentiality Impact | PARTIAL |
| CVSS 2 - Availability Impact | PARTIAL |
| CVSS 2 - Base Score | 7.5 |
| Severity | HIGH |
| Exploitability Score | 10.0 |
| Impact Score | 6.4 |
| Obtain All Privilege | false |
| Obtain User Privilege | false |
| Obtain Other Privilege | true |
Base Metric V3
No data provided.
Configurations
-
OR - Configuration 1
Cpe Version Part Vendor Product Version Update Edition Language SW Edition Target SW Target HW Other Version Start Including Version End Including Version Start Excluding Version End Excluding 2.3 Application Xfree86 Project X11r6 4.0 * * * * * * * � � � � 2.3 Application Xfree86 Project X11r6 4.0.1 * * * * * * * � � � � 2.3 Application Xfree86 Project X11r6 4.0.3 * * * * * * * � � � � 2.3 Application Xfree86 Project X11r6 4.1.0 * * * * * * * � � � � 2.3 Application Xfree86 Project X11r6 4.2.0 * * * * * * * � � � � 2.3 Application Xfree86 Project X11r6 4.2.1 * * * * * * * � � � �
Vulnerable Software List
| Vendor | Product | Versions |
|---|---|---|
| Xfree86 Project | X11r6 | 4.0, 4.0.1, 4.0.3, 4.1.0, 4.2.0, 4.2.1 |
References
| Name | Source | URL | Tags |
|---|---|---|---|
| 20030224 Terminal Emulator Security Issues | http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html | VULNWATCH | Vendor Advisory |
| 20030224 Terminal Emulator Security Issues | http://marc.info/?l=bugtraq&m=104612710031920&w=2 | BUGTRAQ | |
| DSA-380 | http://www.debian.org/security/2003/dsa-380 | DEBIAN | |
| terminal-emulator-window-title(11414) | http://www.iss.net/security_center/static/11414.php | XF | Vendor Advisory |
| RHSA-2003:064 | http://www.redhat.com/support/errata/RHSA-2003-064.html | REDHAT | |
| RHSA-2003:065 | http://www.redhat.com/support/errata/RHSA-2003-065.html | REDHAT | |
| RHSA-2003:066 | http://www.redhat.com/support/errata/RHSA-2003-066.html | REDHAT | |
| RHSA-2003:067 | http://www.redhat.com/support/errata/RHSA-2003-067.html | REDHAT | |
| 6940 | http://www.securityfocus.com/bid/6940 | BID |