eterm vulnerabilities and exploits

(subscribe to this query)

6.9

CVSSv2

Eterm 0.9.4 opens a terminal window on :0 if -display is not specified and the DISPLAY environment variable is not set, which might allow local users to hijack X11 connections. NOTE: realistic attack scenarios require that the victim enters a command on the wrong machine.

Eterm Eterm 0.9.4

5

CVSSv2

The "screen dump" feature in Eterm 0.9.1 and previous versions allows malicious users to overwrite arbitrary files via a certain character escape sequence when it is echoed to a user's terminal, e.g. when the user views a file containing the malicious sequence.

Michael Jennings Eterm 0.8.10 Michael Jennings Eterm 0.9.1

7.5

CVSSv2

The Eterm terminal emulator 0.9.1 and previous versions allows malicious users to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequ...

Michael Jennings Eterm 0.9.1 Michael Jennings Eterm 0.8.10

4.6

CVSSv2

Buffer overflow in Eterm 0.9.2 allows local users to gain privileges via a long ETERMPATH environment variable.

Michael Jennings Eterm 0.9.2 Michael Jennings Eterm 0.9.1 Debian Debian Linux 2.3 Debian Debian Linux 3.0

7.2

CVSSv2

Vulnerability in eterm 0.8.8 in Debian GNU/Linux allows an malicious user to gain root privileges.

Michael Jennings Eterm 0.8.8

6.5

CVSSv2

rxvt-unicode 9.22, rxvt 2.7.10, mrxvt 0.5.4, and Eterm 0.9.7 allow (potentially remote) code execution because of improper handling of certain escape sequences (ESC G Q). A response is terminated by a newline.

Eterm Project Eterm 0.9.7 Mrxvt Project Mrxvt 0.5.4 Rxvt Project Rxvt 2.7.10 Rxvt-unicode Project Rxvt-unicode 9.22 Fedoraproject Fedora 33 Fedoraproject Fedora 34 Debian Debian Linux 9.0

5

CVSSv2

xterm, Eterm, and rxvt allow an malicious user to cause a denial of service by embedding certain escape characters which force the window to be resized.

Putty Putty 0.48 Xfree86 Project X11r6 3.3.3 Xfree86 Project X11r6 4.0 Michael Jennings Eterm 0.8.10 Rxvt Rxvt 2.6.1

1 EDB exploit

4.6

CVSSv2

Buffer overflow in Eterm of Enlightenment Imlib2 1.0.4 and previous versions allows local users to execute arbitrary code via a long HOME environment variable.

Enlightenment Imlib 2.0.01.0.0 Enlightenment Imlib 2.1.0.1 Enlightenment Imlib 2.1.0.2 Enlightenment Imlib 2.1.0.3 Enlightenment Imlib 2.1.0.4 Michael Jennings Eterm 0.9.1

1 EDB exploit

4.6

CVSSv2

Buffer overflow in Library of Assorted Spiffy Things (LibAST) 0.6.1 and previous versions, as used in Eterm and possibly other software, allows local users to execute arbitrary code as the utmp user via a long -X command line argument (alternative configuration file name).

Libast Libast 0.5 Libast Libast 0.6 Libast Libast 0.4 Libast Libast 0.6.1

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook