FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2008-2383

This CVE name corresponds to:

Entered: 2009-01-05
Topic: xterm -- DECRQSS remote command execution vulnerability

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type: Candidate
Name: CVE-2008-2383
Phase: Assigned (20080521)

Description

CRLF injection vulnerability in xterm allows user-assisted attackers to execute arbitrary commands via LF (aka \n) characters surrounding a command name within a Device Control Request Status String (DECRQSS) escape sequence in a text file, a related issue to CVE-2003-0063 and CVE-2003-0071.

References

Source Reference
CONFIRM http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510030
CONFIRM http://support.apple.com/kb/HT3549
APPLE APPLE-SA-2009-05-12
DEBIAN DSA-1694
FEDORA FEDORA-2009-0059
FEDORA FEDORA-2009-0154
REDHAT RHSA-2009:0018
REDHAT RHSA-2009:0019
SUNALERT 254208
SUSE SUSE-SR:2009:002
SUSE SUSE-SR:2009:003
UBUNTU USN-703-1
CERT TA09-133A
BID 33060
OVAL oval:org.mitre.oval:def:9317
SECTRACK 1021522
SECUNIA 33318
SECUNIA 33419
SECUNIA 33568
SECUNIA 33418
SECUNIA 33397
SECUNIA 33820
SECUNIA 33388
SECUNIA 35074
VUPEN ADV-2009-1297
XF xterm-decrqss-code-execution(47655)