CVSSv2: 9.3

CVE-2008-2383

Published: 02/01/2009 Updated: 07/11/2023
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
VMScore: 828
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

CRLF injection vulnerability in xterm allows user-assisted malicious users to execute arbitrary commands via LF (aka \n) characters surrounding a command name within a Device Control Request Status String (DECRQSS) escape sequence in a text file, a related issue to CVE-2003-0063 and CVE-2003-0071.

Vulnerability Trend

Vulnerable Product

invisible-island xterm

Vendor Advisories

Paul Szabo discovered that the DECRQSS escape sequences were not handled correctly by xterm. Additionally, window title operations were also not safely handled. If a user were tricked into viewing a specially crafted series of characters while in xterm, a remote attacker could execute arbitrary commands with user privileges (CVE-2006-7236, CVE-2 ...
Synopsis: Important: xterm security update. Type/Severity: Security Advisory: Important. Topic: An updated xterm package to correct a security issue is now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having important security impact by the Red Hat Security Response Team ...
Synopsis: Important: hanterm-xf security update. Type/Severity: Security Advisory: Important. Topic: An updated hanterm-xf package to correct a security issue is now available for Red Hat Enterprise Linux 2.1. This update has been rated as having important security impact by the Red Hat Security Response Team ...
Debian Bug report logs - #510030 [CVE-2008-2383] xterm: DECRQSS and comments. Package: xterm; Maintainer for xterm is Debian X Strike Force <debian-x@lists.debian.org>; Source for xterm is src:xterm (PTS, buildd, popcon). Reported by: Paul Szabo <psz@maths.usyd.edu.au>. Date: Sun, 28 Dec 2008 20:27:02 UTC. Severity: gra ...
Paul Szabo discovered that xterm, a terminal emulator for the X Window System, places arbitrary characters into the input buffer when displaying certain crafted escape sequences (CVE-2008-2383). As an additional precaution, this security update also disables font changing, user-defined keys, and X property changes through escape sequences. For the ...

Github Repositories

Companion Worm research

DevPops: DevPops continues my research on companion worms. It is a friendly companion without payload and without modifying any source files. The spreading vectors are gits. In memoriam of my former Professor at the department of Computer Science, who was a great researcher and one of the few who allowed his students virus experiments at his research lab. Disclaimer: All of t

References

CWE-94
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510030
http://secunia.com/advisories/33318
https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00184.html
http://secunia.com/advisories/33419
https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00072.html
http://secunia.com/advisories/33568
http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00004.html
http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.html
http://www.redhat.com/support/errata/RHSA-2009-0018.html
http://secunia.com/advisories/33418
http://secunia.com/advisories/33397
http://www.securityfocus.com/bid/33060
http://www.debian.org/security/2009/dsa-1694
http://secunia.com/advisories/33820
http://secunia.com/advisories/33388
http://sunsolve.sun.com/search/document.do?assetkey=1-66-254208-1
http://support.apple.com/kb/HT3549
http://www.us-cert.gov/cas/techalerts/TA09-133A.html
http://lists.apple.com/archives/security-announce/2009/May/msg00002.html
http://www.vupen.com/english/advisories/2009/1297
http://secunia.com/advisories/35074
http://www.redhat.com/support/errata/RHSA-2009-0019.html
http://www.securitytracker.com/id?1021522
https://exchange.xforce.ibmcloud.com/vulnerabilities/47655
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9317
https://usn.ubuntu.com/703-1/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VOOVZTIABA4MIFUGTAVYWO6QXSUXSST4/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R3E2Q6NPKT7V4VKZMSFF4ARLRVYOG4AU/
https://nvd.nist.gov