
CVE-2006-7236

Published: 02/01/2009 Updated: 03/10/2018
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
VMScore: 935
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

The default configuration of xterm on Debian GNU/Linux sid and possibly Ubuntu enables the allowWindowOps resource, which allows user-assisted attackers to execute arbitrary code or have unspecified other impact via escape sequences.

Vulnerable Product

invisible-island xterm _nil_

Vendor Advisories

Paul Szabo discovered that the DECRQSS escape sequences were not handled correctly by xterm. Additionally, window title operations were also not safely handled. If a user were tricked into viewing a specially crafted series of characters while in xterm, a remote attacker could execute arbitrary commands with user privileges (CVE-2006-7236, CVE-2 ...

Exploits

source: www.securityfocus.com/bid/33060/info

The 'xterm' program is prone to a remote command-execution vulnerability because it fails to sufficiently validate user input. Successfully exploiting this issue would allow an attacker to execute arbitrary commands on an affected computer in the context of the affected application. The issue a ...