CVE-2008-2383

Current Description

CRLF injection vulnerability in xterm allows user-assisted attackers to execute arbitrary commands via LF (aka \n) characters surrounding a command name within a Device Control Request Status String (DECRQSS) escape sequence in a text file, a related issue to CVE-2003-0063 and CVE-2003-0071.

Basic Data

Published: January 02, 2009
Last Modified: October 03, 2018
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: CWE-94
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: MEDIUM
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: COMPLETE
CVSS 2 - Availability Impact: COMPLETE
CVSS 2 - Base Score: 9.3
Severity: HIGH
Exploitability Score: 8.6
Impact Score: 10.0
Obtain All Privilege: true
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
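    | Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
    |---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
    | 2.3 | Application | Invisible-island | Xterm | _nil_ | * | * | * | * | * | * | * | | | | |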

Vulnerable Software List

| Vendor | Product | Versions |
|---|---|---|
| Invisible-island | Xterm | _nil_ |

References

| Name | Source | URL | Tags |
|---|---|---|---|
| http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510030 | CONFIRM | http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510030 | |
| APPLE-SA-2009-05-12 | APPLE | http://lists.apple.com/archives/security-announce/2009/May/msg00002.html | |
| SUSE-SR:2009:002 | SUSE | http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00004.html | |
| SUSE-SR:2009:003 | SUSE | http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.html | |
| 33318 | SECUNIA | http://secunia.com/advisories/33318 | Vendor Advisory |
| 33388 | SECUNIA | http://secunia.com/advisories/33388 | |
| 33397 | SECUNIA | http://secunia.com/advisories/33397 | |
| 33418 | SECUNIA | http://secunia.com/advisories/33418 | |
| 33419 | SECUNIA | http://secunia.com/advisories/33419 | |
| 33568 | SECUNIA | http://secunia.com/advisories/33568 | |
| 33820 | SECUNIA | http://secunia.com/advisories/33820 | |
| 35074 | SECUNIA | http://secunia.com/advisories/35074 | |
| 254208 | SUNALERT | http://sunsolve.sun.com/search/document.do?assetkey=1-66-254208-1 | |
| http://support.apple.com/kb/HT3549 | CONFIRM | http://support.apple.com/kb/HT3549 | |
| DSA-1694 | DEBIAN | http://www.debian.org/security/2009/dsa-1694 | |
| RHSA-2009:0018 | REDHAT | http://www.redhat.com/support/errata/RHSA-2009-0018.html | |
| RHSA-2009:0019 | REDHAT | http://www.redhat.com/support/errata/RHSA-2009-0019.html | |
| 33060 | BID | http://www.securityfocus.com/bid/33060 | |
| 1021522 | SECTRACK | http://www.securitytracker.com/id?1021522 | |
| TA09-133A | CERT | http://www.us-cert.gov/cas/techalerts/TA09-133A.html | US Government Resource |
| ADV-2009-1297 | VUPEN | http://www.vupen.com/english/advisories/2009/1297 | |
| xterm-decrqss-code-execution(47655) | XF | https://exchange.xforce.ibmcloud.com/vulnerabilities/47655 | |
| oval:org.mitre.oval:def:9317 | OVAL | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9317 | |
| USN-703-1 | UBUNTU | https://usn.ubuntu.com/703-1/ | |
| FEDORA-2009-0059 | FEDORA | https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00072.html | |
| FEDORA-2009-0154 | FEDORA | https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00184.html | |