Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-3121

Overview

Vulnerability Score 7.6 7.6
CVE Id CVE-2014-3121
Last Modified 14 May 2014 07:13:05
Published 13 May 2014 08:55:10
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2014-3121

Summary

rxvt-unicode before 9.20 does not properly handle OSC escape sequences, which allows user-assisted remote attackers to manipulate arbitrary X window properties and execute arbitrary commands.

Vulnerable Systems

Application

  • Marc Lehmann Rxvt-unicode 9.0

  • Marc Lehmann Rxvt-unicode 9.01

  • Marc Lehmann Rxvt-unicode 9.02

  • Marc Lehmann Rxvt-unicode 9.05

  • Marc Lehmann Rxvt-unicode 9.06

  • Marc Lehmann Rxvt-unicode 9.07

  • Marc Lehmann Rxvt-unicode 9.08

  • Marc Lehmann Rxvt-unicode 9.09

  • Marc Lehmann Rxvt-unicode 9.10

  • Marc Lehmann Rxvt-unicode 9.11

  • Marc Lehmann Rxvt-unicode 9.12

  • Marc Lehmann Rxvt-unicode 9.14

  • Marc Lehmann Rxvt-unicode 9.15

  • Marc Lehmann Rxvt-unicode 9.16

  • Marc Lehmann Rxvt-unicode 9.17

  • Marc Lehmann Rxvt-unicode 9.18

  • Marc Lehmann Rxvt-unicode 9.19


References

FEDORA - FEDORA-2014-5939

FEDORA - FEDORA-2014-5938

BID - 67155

DEBIAN - DSA-2925

MLIST - [oss-security] 20140430 CVE request: rxvt-unicode user-assisted arbitrary commands execution

CONFIRM - http://dist.schmorp.de/rxvt-unicode/Changes


Last Updated: 27 May 2016 11:05:16