Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 9.3
CVE Id CVE-2008-2383
Last Modified 30 Oct 2012 10:57:33
Published 02 Jan 2009 01:11:09
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-2383

Summary

CRLF injection vulnerability in xterm allows user-assisted attackers to execute arbitrary commands via LF (aka \n) characters surrounding a command name within a Device Control Request Status String (DECRQSS) escape sequence in a text file, a related issue to CVE-2003-0063 and CVE-2003-0071.

Vulnerable Systems

Application

  • Invisible-island Xterm Nil


References

CERT - TA09-133A

FEDORA - FEDORA-2009-0154

FEDORA - FEDORA-2009-0059

XF - xterm-decrqss-code-execution(47655)

VUPEN - ADV-2009-1297

UBUNTU - USN-703-1

BID - 33060

REDHAT - RHSA-2009:0018

DEBIAN - DSA-1694

CONFIRM - http://support.apple.com/kb/HT3549

SUNALERT - 254208

SECUNIA - 35074

SECUNIA - 33820

SECUNIA - 33568

SECUNIA - 33419

SECUNIA - 33418

SECUNIA - 33397

SECUNIA - 33388

SECUNIA - 33318

SUSE - SUSE-SR:2009:003

SUSE - SUSE-SR:2009:002

APPLE - APPLE-SA-2009-05-12

CONFIRM - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510030

SECTRACK - 1021522

REDHAT - RHSA-2009:0019

Related Patches

Apple 2009-05-12 Mac OS X 10.5.7 Combo Update

Apple 2009-05-12 Mac OS X Server 10.5.7 Update

Apple 2009-05-12 Mac OS X 10.5.7 Update

Apple 2009-05-12 Mac OS X Server 10.5.7 Combo Update

Novell SUSE 2009:5898 xterm security update for SLE 10 SP2 i586


Last Updated: 27 May 2016 10:55:04