Vulnerability-Lookup - Search a vulnerability

Search criteria

Vendor

Product

Assigner

Sources

Sort by

Order

FKIE_CVE-2008-1142

Vulnerability from fkie_nvd - Published: 2008-04-07 17:44 - Updated: 2025-04-09 00:30

Severity ?

Summary

rxvt 2.6.4 opens a terminal window on :0 if the DISPLAY environment variable is not set, which might allow local users to hijack X11 connections. NOTE: it was later reported that rxvt-unicode, mrxvt, aterm, multi-aterm, and wterm are also affected. NOTE: realistic attack scenarios require that the victim enters a command on the wrong machine.

References

URL	Tags
cve@mitre.org	http://article.gmane.org/gmane.comp.security.oss.general/122
cve@mitre.org	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=469296	Vendor Advisory
cve@mitre.org	http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html
cve@mitre.org	http://secunia.com/advisories/29576	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/30224	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/30225	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/30226	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/30227	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/30229	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/31687	Vendor Advisory
cve@mitre.org	http://security.gentoo.org/glsa/glsa-200805-03.xml
cve@mitre.org	http://www.mandriva.com/security/advisories?name=MDVSA-2008:161
cve@mitre.org	http://www.mandriva.com/security/advisories?name=MDVSA-2008:221
cve@mitre.org	http://www.securityfocus.com/bid/28512	Patch
af854a3a-2127-422b-91ae-364da2661108	http://article.gmane.org/gmane.comp.security.oss.general/122
af854a3a-2127-422b-91ae-364da2661108	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=469296	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/29576	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/30224	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/30225	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/30226	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/30227	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/30229	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/31687	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://security.gentoo.org/glsa/glsa-200805-03.xml
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2008:161
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2008:221
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/28512	Patch

Impacted products

Vendor	Product	Version
aterm	aterm	*
aterm	aterm	0.1.0
aterm	aterm	0.1.1
aterm	aterm	0.2.0
aterm	aterm	0.3.0
aterm	aterm	0.3.1
aterm	aterm	0.3.2
aterm	aterm	0.3.3
aterm	aterm	0.3.4
aterm	aterm	0.3.5
aterm	aterm	0.3.6
aterm	aterm	0.4.0
aterm	aterm	0.4.1
aterm	aterm	0.4.2
aterm	aterm	1.00
aterm	aterm	1.00
aterm	aterm	1.00
aterm	aterm	1.00
eterm	eterm	*
eterm	eterm	0.9.2
mrxvt	mrxvt	*
mrxvt	mrxvt	0.4.2
multi-aterm	multi-aterm	*
multi-aterm	multi-aterm	0.0.1
multi-aterm	multi-aterm	0.0.3
multi-aterm	multi-aterm	0.0.4
multi-aterm	multi-aterm	0.0.5
multi-aterm	multi-aterm	0.1
rxvt	rxvt	*
rxvt	rxvt	2.6.1
rxvt	rxvt	2.6.2
rxvt	rxvt	2.6.3
rxvt	rxvt	2.6.4
rxvt	rxvt	2.7.5
rxvt	rxvt	2.7.6
rxvt	rxvt	2.7.7
rxvt	rxvt	2.7.8
rxvt-unicode	rxvt-unicode	*
rxvt-unicode	rxvt-unicode	1.0
rxvt-unicode	rxvt-unicode	1.1
rxvt-unicode	rxvt-unicode	1.2
rxvt-unicode	rxvt-unicode	1.3
rxvt-unicode	rxvt-unicode	1.4
rxvt-unicode	rxvt-unicode	1.5
rxvt-unicode	rxvt-unicode	1.6
rxvt-unicode	rxvt-unicode	1.7
rxvt-unicode	rxvt-unicode	1.8
rxvt-unicode	rxvt-unicode	1.9
rxvt-unicode	rxvt-unicode	1.91
rxvt-unicode	rxvt-unicode	2.0
rxvt-unicode	rxvt-unicode	2.1
rxvt-unicode	rxvt-unicode	2.2
rxvt-unicode	rxvt-unicode	2.3
rxvt-unicode	rxvt-unicode	2.4
rxvt-unicode	rxvt-unicode	2.5
rxvt-unicode	rxvt-unicode	2.6
rxvt-unicode	rxvt-unicode	2.7
rxvt-unicode	rxvt-unicode	2.8
rxvt-unicode	rxvt-unicode	2.9
rxvt-unicode	rxvt-unicode	3.0
rxvt-unicode	rxvt-unicode	3.1
rxvt-unicode	rxvt-unicode	3.2
rxvt-unicode	rxvt-unicode	3.3
rxvt-unicode	rxvt-unicode	3.4
rxvt-unicode	rxvt-unicode	3.5
rxvt-unicode	rxvt-unicode	3.6
rxvt-unicode	rxvt-unicode	3.7
rxvt-unicode	rxvt-unicode	3.8
rxvt-unicode	rxvt-unicode	3.9
rxvt-unicode	rxvt-unicode	4.0
rxvt-unicode	rxvt-unicode	4.1
rxvt-unicode	rxvt-unicode	4.2
rxvt-unicode	rxvt-unicode	4.3
rxvt-unicode	rxvt-unicode	4.4
rxvt-unicode	rxvt-unicode	4.5
rxvt-unicode	rxvt-unicode	4.6
rxvt-unicode	rxvt-unicode	4.7
rxvt-unicode	rxvt-unicode	4.8
rxvt-unicode	rxvt-unicode	4.9
rxvt-unicode	rxvt-unicode	5.0
rxvt-unicode	rxvt-unicode	5.1
rxvt-unicode	rxvt-unicode	5.2
rxvt-unicode	rxvt-unicode	5.3
rxvt-unicode	rxvt-unicode	5.4
rxvt-unicode	rxvt-unicode	5.5
rxvt-unicode	rxvt-unicode	5.6
rxvt-unicode	rxvt-unicode	5.7
rxvt-unicode	rxvt-unicode	5.8
rxvt-unicode	rxvt-unicode	5.9
rxvt-unicode	rxvt-unicode	6.0
rxvt-unicode	rxvt-unicode	6.1
rxvt-unicode	rxvt-unicode	6.2
rxvt-unicode	rxvt-unicode	6.3
rxvt-unicode	rxvt-unicode	7.0
rxvt-unicode	rxvt-unicode	7.1
rxvt-unicode	rxvt-unicode	7.2
rxvt-unicode	rxvt-unicode	7.3
rxvt-unicode	rxvt-unicode	7.4
rxvt-unicode	rxvt-unicode	7.5
rxvt-unicode	rxvt-unicode	7.6
rxvt-unicode	rxvt-unicode	7.7
rxvt-unicode	rxvt-unicode	7.8
rxvt-unicode	rxvt-unicode	7.9
rxvt-unicode	rxvt-unicode	8.0
rxvt-unicode	rxvt-unicode	8.1
rxvt-unicode	rxvt-unicode	8.2
rxvt-unicode	rxvt-unicode	8.3
rxvt-unicode	rxvt-unicode	8.4
rxvt-unicode	rxvt-unicode	8.5
rxvt-unicode	rxvt-unicode	8.5a
rxvt-unicode	rxvt-unicode	8.6
rxvt-unicode	rxvt-unicode	8.7
rxvt-unicode	rxvt-unicode	8.8
rxvt-unicode	rxvt-unicode	8.9
rxvt-unicode	rxvt-unicode	9.0
wterm	wterm	*
wterm	wterm	6.2.5
wterm	wterm	6.2.6

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:aterm:aterm:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "906079C8-6164-4E15-A171-759A9C2D33CB",
              "versionEndIncluding": "1.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:aterm:aterm:0.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CBFE971D-9704-411B-89EC-2BE46D7E4930",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:aterm:aterm:0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "65887C4E-3B44-4AA6-919B-88D987C440E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:aterm:aterm:0.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07EF6773-1416-444A-9CCB-00459BBF30DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:aterm:aterm:0.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3EB4F3E9-B8C3-4DBB-8686-AEB36D0D7A8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:aterm:aterm:0.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9CDB7D2-1EB3-4E08-BFEC-572720079B9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:aterm:aterm:0.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A65ADF9D-8591-4046-809E-090B13098E62",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:aterm:aterm:0.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "06C17CD8-84FA-4A07-A5B3-C3D3CFD701DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:aterm:aterm:0.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C6E8374-C6AF-4BF0-8F08-1DFB788FB1ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:aterm:aterm:0.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "438FCC6C-14F7-4E09-A83D-CB09A4C087F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:aterm:aterm:0.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "65DE72EB-BCB3-44D7-84B8-25C098D79ABC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:aterm:aterm:0.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7237B6AB-CA2C-4F4E-812F-5A5B466E946A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:aterm:aterm:0.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "48413ADC-4E8B-4030-919F-06DDB10FEB70",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:aterm:aterm:0.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FDB25A3-56B5-4C4C-83CA-8CAB21E03371",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:aterm:aterm:1.00:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "0EB2756B-E373-475A-AC3F-0D4357BB7410",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:aterm:aterm:1.00:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "6814E277-848C-4B8B-83A7-7E72B0EBC906",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:aterm:aterm:1.00:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "E13A6D13-157C-4A9C-9D79-D4C3418A3867",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:aterm:aterm:1.00:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "5CE84A43-27D4-41AB-BFD0-3986137E2748",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eterm:eterm:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2367DBAD-54A6-4ADA-83A1-F7DBC3813500",
              "versionEndIncluding": "0.9.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eterm:eterm:0.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CF3630F-CE7F-4A04-8094-1E692D32DF64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mrxvt:mrxvt:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EDEA3F78-F92B-45E2-9406-FDB58FA43021",
              "versionEndIncluding": "0.5.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mrxvt:mrxvt:0.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C1645E2-E752-4D1B-887D-61A54E165C6B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:multi-aterm:multi-aterm:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "60168674-59D0-42E9-AF75-59E1D67C392D",
              "versionEndIncluding": "0.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:multi-aterm:multi-aterm:0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "36C575E5-6D9B-48A1-A756-304D8EC480C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:multi-aterm:multi-aterm:0.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6B4F027-019B-4C38-BD32-FDC6CF6F27F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:multi-aterm:multi-aterm:0.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "019BA414-15C4-46F5-830F-1EC910C65B67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:multi-aterm:multi-aterm:0.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "CEE85183-4BD5-45CA-9723-4EE635D61EE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:multi-aterm:multi-aterm:0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "51D5D44E-8936-4B6D-8A83-839F3A0FBE59",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rxvt:rxvt:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8BB2370B-7366-4291-B602-26342194094C",
              "versionEndIncluding": "2.7.9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rxvt:rxvt:2.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5CE4F28-5C30-4A54-8A4B-3FA6B01F1467",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rxvt:rxvt:2.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BA71D83-EA61-4B68-9D71-40E660C8E9E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rxvt:rxvt:2.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB750075-F614-40BA-B26D-CA3826A1B865",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rxvt:rxvt:2.6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "31FE05CF-F5F3-4F11-853A-36D4A4CA8FD1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rxvt:rxvt:2.7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "16BC9337-A01B-402D-A9A0-AAE0B49355BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rxvt:rxvt:2.7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED803842-E280-4998-BD7C-CF8048304FE6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rxvt:rxvt:2.7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "779E9DE5-58AC-4441-8925-3ADC1E042A8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rxvt:rxvt:2.7.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "287104DA-18C9-400C-B23C-CD569E5F11C5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rxvt-unicode:rxvt-unicode:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "02EDF05C-DE07-4C0C-878B-76DD7CFE0C28",
              "versionEndIncluding": "9.01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rxvt-unicode:rxvt-unicode:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CB9BC7D-3ABE-4262-A705-DAA17A527257",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rxvt-unicode:rxvt-unicode:1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E86C5E10-4E22-4E5C-A2E5-575D291301BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rxvt-unicode:rxvt-unicode:1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "AFA17952-574A-48C3-BC45-B7B8242D89CA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rxvt-unicode:rxvt-unicode:1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "765462C7-1EE5-43BE-AD1E-4FEB74C486F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rxvt-unicode:rxvt-unicode:1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "499B59D2-8535-4A07-B221-AA26EAACAB31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rxvt-unicode:rxvt-unicode:1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "B87E8504-8CF7-4AB4-A437-8D15D623EE2C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rxvt-unicode:rxvt-unicode:1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "2EF5A78E-1CA2-47C3-AF35-0F4024F8C57D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rxvt-unicode:rxvt-unicode:1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB280BBD-663C-4F72-86F6-D67B65F14D97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rxvt-unicode:rxvt-unicode:1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "FEEF3E4C-0014-4062-BD27-11649D6DC022",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rxvt-unicode:rxvt-unicode:1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "8AE654A2-DC0C-4764-92E9-45B1890ED9A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rxvt-unicode:rxvt-unicode:1.91:*:*:*:*:*:*:*",
              "matchCriteriaId": "263D8B7E-046C-4C68-8FE0-6FE56DCC6140",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rxvt-unicode:rxvt-unicode:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "54383B98-264B-4C5C-9E0F-F06CFC200827",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rxvt-unicode:rxvt-unicode:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "550ED2B1-0273-407A-B9E2-8B219ECF5F73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rxvt-unicode:rxvt-unicode:2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "ECC2A517-FFFF-4266-A900-36F09D2A0B1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rxvt-unicode:rxvt-unicode:2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "01B30E8A-FD5B-473D-AEDD-96CB8533CE91",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rxvt-unicode:rxvt-unicode:2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "898BFA6D-1874-4DC0-8A23-196011EA6AB8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rxvt-unicode:rxvt-unicode:2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "542D823A-6321-4EC8-B580-27AC0FABA07D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rxvt-unicode:rxvt-unicode:2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "A78B12DC-F538-48B8-9097-A5B6E35190BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rxvt-unicode:rxvt-unicode:2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "13E67E56-F415-46E5-A147-19B18EC0CB47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rxvt-unicode:rxvt-unicode:2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "1263E928-4629-4627-9C48-3BEF8EA6A8C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rxvt-unicode:rxvt-unicode:2.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC8A8C74-F783-4460-95B0-0F70DAAF1214",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rxvt-unicode:rxvt-unicode:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "60169CC8-A154-4250-BCE1-BCF05EDDE840",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rxvt-unicode:rxvt-unicode:3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CCD73D1-AEDE-4775-A242-B37078088577",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rxvt-unicode:rxvt-unicode:3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8BE74E8-AAE2-45B0-A27B-425130E94BB3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rxvt-unicode:rxvt-unicode:3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C76CAB9D-C5E5-452C-9C0B-E5415AB650F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rxvt-unicode:rxvt-unicode:3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "81F5C9D0-F4B4-448D-930C-17B037C4AE07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rxvt-unicode:rxvt-unicode:3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "830E5352-49B6-4941-91C2-03FF48AE6654",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rxvt-unicode:rxvt-unicode:3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E7B3932-0C64-4F0D-9C27-31F823958FC5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rxvt-unicode:rxvt-unicode:3.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF8C6532-DE29-4071-9156-ABEFACA02BAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rxvt-unicode:rxvt-unicode:3.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA0AFAF1-F061-4C0E-9550-206824C19466",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rxvt-unicode:rxvt-unicode:3.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B410B3D-D43A-4A62-9CDB-69C4E16062DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rxvt-unicode:rxvt-unicode:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C25C6C41-3CD6-4FA8-8223-996B010A40E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rxvt-unicode:rxvt-unicode:4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BADC5D37-AAB3-4709-A156-D2CDA3AB2D0A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rxvt-unicode:rxvt-unicode:4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6B96FCB-ABC8-4FBE-B386-4612B3FFF5D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rxvt-unicode:rxvt-unicode:4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4014961-4950-4C2D-9FE8-EBB089F2D080",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rxvt-unicode:rxvt-unicode:4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C939A580-A0CA-4FC9-BCC0-1C7BAB6AB6F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rxvt-unicode:rxvt-unicode:4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "542D14EE-F1FD-4E1D-BB5E-0E71C3A79186",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rxvt-unicode:rxvt-unicode:4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "BEAF5AC0-C9F3-4096-8071-FDE918291C3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rxvt-unicode:rxvt-unicode:4.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "E090BEAD-535D-4CC0-8AEF-C66F6C57657F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rxvt-unicode:rxvt-unicode:4.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "9727CD66-4D54-4B80-843D-67BF421125A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rxvt-unicode:rxvt-unicode:4.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "BCD5EBFB-B2B6-4E71-A2F7-2ECADFC99DB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rxvt-unicode:rxvt-unicode:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "931F6A8E-AC22-49A7-ABC8-F9E685C5DB4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rxvt-unicode:rxvt-unicode:5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BD68C4D-47E0-4325-9B7F-A73F455CD7C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rxvt-unicode:rxvt-unicode:5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "13C292CB-B53B-4E86-A994-D53154558E20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rxvt-unicode:rxvt-unicode:5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "07793F4F-477E-4606-B262-F8216DEEA8D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rxvt-unicode:rxvt-unicode:5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "37FD7AAA-D27C-4B16-995A-AEC044C9E7C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rxvt-unicode:rxvt-unicode:5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "F175B9E5-999F-4BBC-9B2C-AF71992ABE94",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rxvt-unicode:rxvt-unicode:5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "E73C64A4-5353-43D2-8E60-9222B5C2403D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rxvt-unicode:rxvt-unicode:5.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "C262FB71-D4D4-4F1F-9D5A-5F948273EF73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rxvt-unicode:rxvt-unicode:5.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB4F5155-562F-4923-8D21-B99A2E31BA05",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rxvt-unicode:rxvt-unicode:5.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "99D71BA3-1491-46F7-B684-30BE37ED79C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rxvt-unicode:rxvt-unicode:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "045C0948-0D5C-4A91-B62A-5DA97A7CBCAA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rxvt-unicode:rxvt-unicode:6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F406B34-FFEE-4DF6-8720-C6CD0C786694",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rxvt-unicode:rxvt-unicode:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2AF031D-8BE0-4D26-98B2-B4484A5F1657",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rxvt-unicode:rxvt-unicode:6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "DACCD55F-C3DC-4AE4-80F4-C873DCA3F763",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rxvt-unicode:rxvt-unicode:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6485D96D-95FE-4980-A476-922DBCCB362A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rxvt-unicode:rxvt-unicode:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D867F5A-639B-4B4C-87F9-377869D925DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rxvt-unicode:rxvt-unicode:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A906623-8A36-4211-98C4-4646A0489936",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rxvt-unicode:rxvt-unicode:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "4FFF2C26-2B05-4949-B87A-E1EC1D4A8FB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rxvt-unicode:rxvt-unicode:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA4F3780-BBEB-4355-AFAD-7F69176ECF8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rxvt-unicode:rxvt-unicode:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "380F457A-E570-437E-8F23-B354C8BB15A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rxvt-unicode:rxvt-unicode:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3FCEEC1-7917-4A33-A7DF-6FB35065E8F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rxvt-unicode:rxvt-unicode:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "713FF10E-813F-4089-88CF-AB1368CDE376",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rxvt-unicode:rxvt-unicode:7.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CB6F305-E6A6-4D74-BEF7-668FE6000529",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rxvt-unicode:rxvt-unicode:7.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "8484147E-0054-4819-940C-FBDF533D6422",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rxvt-unicode:rxvt-unicode:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "12B02585-2315-4143-BE33-47C509CE0D13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rxvt-unicode:rxvt-unicode:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0EBB720-9AC9-42B4-80F7-2FF61020E58D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rxvt-unicode:rxvt-unicode:8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DBA0D966-9748-4B03-9EA9-63CD3B6990F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rxvt-unicode:rxvt-unicode:8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7475AFA-46FB-4035-97CB-0F37BCB7DD55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rxvt-unicode:rxvt-unicode:8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A12095D3-CB90-4EEF-B265-AE899BF0BCEC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rxvt-unicode:rxvt-unicode:8.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D91F0089-CBE6-4588-9BC0-E7947A050CDD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rxvt-unicode:rxvt-unicode:8.5a:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F7DC56B-C888-4111-A000-27E34166EB95",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rxvt-unicode:rxvt-unicode:8.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A730D6E-327B-4E6C-9F38-6AC117EAED8D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rxvt-unicode:rxvt-unicode:8.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "7521C5A1-0441-4132-92BB-0F4DD93C0BB4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rxvt-unicode:rxvt-unicode:8.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "2ADB59B3-5C43-463B-B714-43264052134B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rxvt-unicode:rxvt-unicode:8.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "D98F8B98-71CB-421E-B2B5-4AF2C9B4BA5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rxvt-unicode:rxvt-unicode:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3347E60D-297F-425F-9644-9933650081BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wterm:wterm:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F5A2D96-4DD9-43C8-BC2B-BF0C65820F3A",
              "versionEndIncluding": "6.2.8a2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wterm:wterm:6.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "398586ED-E758-4D7A-B4D7-EDE57A044AFF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wterm:wterm:6.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "21101465-3B77-441C-BC85-5E63E75A8D4B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "rxvt 2.6.4 opens a terminal window on :0 if the DISPLAY environment variable is not set, which might allow local users to hijack X11 connections.  NOTE: it was later reported that rxvt-unicode, mrxvt, aterm, multi-aterm, and wterm are also affected.  NOTE: realistic attack scenarios require that the victim enters a command on the wrong machine."
    },
    {
      "lang": "es",
      "value": "Rxvt versi\u00f3n 2.6.4 abre una ventana terminal en :0 si no se establece la variable de entorno DISPLAY, lo que podr\u00eda permitir a los usuarios locales secuestrar conexiones X11. NOTA: m\u00e1s tarde se inform\u00f3 que rxvt-unicode, mrxvt, aterm, multi-aterm y wterm tambi\u00e9n se ven afectados. NOTA: escenarios de ataque realistas requieren que la v\u00edctima ingrese un comando en la m\u00e1quina incorrecta"
    }
  ],
  "id": "CVE-2008-1142",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 3.7,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:H/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 1.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2008-04-07T17:44:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://article.gmane.org/gmane.comp.security.oss.general/122"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=469296"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/29576"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/30224"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/30225"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/30226"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/30227"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/30229"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/31687"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://security.gentoo.org/glsa/glsa-200805-03.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:161"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:221"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/28512"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://article.gmane.org/gmane.comp.security.oss.general/122"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=469296"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/29576"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/30224"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/30225"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/30226"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/30227"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/30229"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/31687"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-200805-03.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:161"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:221"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/28512"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vendorComments": [
    {
      "comment": "Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2008-1142\n\nThis issue does not affect Red Hat Enterprise Linux 3, 4, or 5.\n\nThe Red Hat Security Response Team has rated this issue as having low security impact.  Due to the minimal security consequences of this issue, we do not intend to fix this in Red Hat Enterprise Linux 2.1.  More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/",
      "lastModified": "2008-04-14T00:00:00",
      "organization": "Red Hat"
    }
  ],
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2003-0067

Vulnerability from fkie_nvd - Published: 2003-03-18 05:00 - Updated: 2025-04-03 01:03

Severity ?

Summary

The aterm terminal emulator 0.42 allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands.

References

URL	Tags
cve@mitre.org	http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html	Vendor Advisory
cve@mitre.org	http://marc.info/?l=bugtraq&m=104612710031920&w=2
cve@mitre.org	http://www.iss.net/security_center/static/11414.php	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=104612710031920&w=2
af854a3a-2127-422b-91ae-364da2661108	http://www.iss.net/security_center/static/11414.php	Vendor Advisory

Impacted products

	Vendor	Product	Version
	aterm	aterm	0.42

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:aterm:aterm:0.42:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B2F5916-9BED-4070-91F4-A3005CCE07D3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The aterm terminal emulator 0.42 allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user\u0027s terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands."
    }
  ],
  "id": "CVE-2003-0067",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2003-03-18T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=104612710031920\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.iss.net/security_center/static/11414.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=104612710031920\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.iss.net/security_center/static/11414.php"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2003-0024

Vulnerability from fkie_nvd - Published: 2003-03-03 05:00 - Updated: 2025-04-03 01:03

Severity ?

Summary

The menuBar feature in aterm 0.42 allows attackers to modify menu options and execute arbitrary commands via a certain character escape sequence that inserts the commands into the menu.

References

URL	Tags
cve@mitre.org	http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html	Vendor Advisory
cve@mitre.org	http://marc.info/?l=bugtraq&m=104612710031920&w=2
cve@mitre.org	http://www.iss.net/security_center/static/11416.php	Vendor Advisory
cve@mitre.org	http://www.securityfocus.com/bid/6949
af854a3a-2127-422b-91ae-364da2661108	http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=104612710031920&w=2
af854a3a-2127-422b-91ae-364da2661108	http://www.iss.net/security_center/static/11416.php	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/6949

Impacted products

	Vendor	Product	Version
	aterm	aterm	0.42

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:aterm:aterm:0.42:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B2F5916-9BED-4070-91F4-A3005CCE07D3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The menuBar feature in aterm 0.42 allows attackers to modify menu options and execute arbitrary commands via a certain character escape sequence that inserts the commands into the menu."
    },
    {
      "lang": "es",
      "value": "La caracter\u00edstica \"menuBar\" en aterm 0.42 permite a atacantes modificar opciones de menu y ejecutar comandos arbitrarios mediante cierta secuencia de caracter de escape que inserta el comando en el menu."
    }
  ],
  "id": "CVE-2003-0024",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2003-03-03T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=104612710031920\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.iss.net/security_center/static/11416.php"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/6949"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=104612710031920\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.iss.net/security_center/static/11416.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/6949"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2008-1142 (GCVE-0-2008-1142)

Vulnerability from cvelistv5 – Published: 2008-04-07 17:00 – Updated: 2024-08-07 08:08

Summary

rxvt 2.6.4 opens a terminal window on :0 if the DISPLAY environment variable is not set, which might allow local users to hijack X11 connections. NOTE: it was later reported that rxvt-unicode, mrxvt, aterm, multi-aterm, and wterm are also affected. NOTE: realistic attack scenarios require that the victim enters a command on the wrong machine.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

mitre

References

URL

Tags

	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://article.gmane.org/gmane.comp.security.oss.…	x_refsource_MISC
	http://secunia.com/advisories/30226	third-party-advisoryx_refsource_SECUNIA
	http://www.securityfocus.com/bid/28512	vdb-entryx_refsource_BID
	http://secunia.com/advisories/30229	third-party-advisoryx_refsource_SECUNIA
	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=469296	x_refsource_CONFIRM
	http://secunia.com/advisories/31687	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/30225	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/30227	third-party-advisoryx_refsource_SECUNIA
	http://security.gentoo.org/glsa/glsa-200805-03.xml	vendor-advisoryx_refsource_GENTOO
	http://secunia.com/advisories/30224	third-party-advisoryx_refsource_SECUNIA
	http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA
	http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA
	http://secunia.com/advisories/29576	third-party-advisoryx_refsource_SECUNIA

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T08:08:57.701Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "SUSE-SR:2008:017",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://article.gmane.org/gmane.comp.security.oss.general/122"
          },
          {
            "name": "30226",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30226"
          },
          {
            "name": "28512",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/28512"
          },
          {
            "name": "30229",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30229"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=469296"
          },
          {
            "name": "31687",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31687"
          },
          {
            "name": "30225",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30225"
          },
          {
            "name": "30227",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30227"
          },
          {
            "name": "GLSA-200805-03",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200805-03.xml"
          },
          {
            "name": "30224",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30224"
          },
          {
            "name": "MDVSA-2008:161",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:161"
          },
          {
            "name": "MDVSA-2008:221",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:221"
          },
          {
            "name": "29576",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29576"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-03-04T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "rxvt 2.6.4 opens a terminal window on :0 if the DISPLAY environment variable is not set, which might allow local users to hijack X11 connections.  NOTE: it was later reported that rxvt-unicode, mrxvt, aterm, multi-aterm, and wterm are also affected.  NOTE: realistic attack scenarios require that the victim enters a command on the wrong machine."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2008-05-13T09:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "SUSE-SR:2008:017",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://article.gmane.org/gmane.comp.security.oss.general/122"
        },
        {
          "name": "30226",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30226"
        },
        {
          "name": "28512",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/28512"
        },
        {
          "name": "30229",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30229"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=469296"
        },
        {
          "name": "31687",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31687"
        },
        {
          "name": "30225",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30225"
        },
        {
          "name": "30227",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30227"
        },
        {
          "name": "GLSA-200805-03",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200805-03.xml"
        },
        {
          "name": "30224",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30224"
        },
        {
          "name": "MDVSA-2008:161",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:161"
        },
        {
          "name": "MDVSA-2008:221",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:221"
        },
        {
          "name": "29576",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29576"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-1142",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "rxvt 2.6.4 opens a terminal window on :0 if the DISPLAY environment variable is not set, which might allow local users to hijack X11 connections.  NOTE: it was later reported that rxvt-unicode, mrxvt, aterm, multi-aterm, and wterm are also affected.  NOTE: realistic attack scenarios require that the victim enters a command on the wrong machine."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "SUSE-SR:2008:017",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html"
            },
            {
              "name": "http://article.gmane.org/gmane.comp.security.oss.general/122",
              "refsource": "MISC",
              "url": "http://article.gmane.org/gmane.comp.security.oss.general/122"
            },
            {
              "name": "30226",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30226"
            },
            {
              "name": "28512",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/28512"
            },
            {
              "name": "30229",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30229"
            },
            {
              "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=469296",
              "refsource": "CONFIRM",
              "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=469296"
            },
            {
              "name": "31687",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/31687"
            },
            {
              "name": "30225",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30225"
            },
            {
              "name": "30227",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30227"
            },
            {
              "name": "GLSA-200805-03",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200805-03.xml"
            },
            {
              "name": "30224",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30224"
            },
            {
              "name": "MDVSA-2008:161",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:161"
            },
            {
              "name": "MDVSA-2008:221",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:221"
            },
            {
              "name": "29576",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29576"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-1142",
    "datePublished": "2008-04-07T17:00:00",
    "dateReserved": "2008-03-04T00:00:00",
    "dateUpdated": "2024-08-07T08:08:57.701Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2003-0067 (GCVE-0-2003-0067)

Vulnerability from cvelistv5 – Published: 2004-09-01 04:00 – Updated: 2024-08-08 01:43

Summary

The aterm terminal emulator 0.42 allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

mitre

References

URL

Tags

	http://marc.info/?l=bugtraq&m=104612710031920&w=2	mailing-listx_refsource_BUGTRAQ
	http://www.iss.net/security_center/static/11414.php	vdb-entryx_refsource_XF
	http://archives.neohapsis.com/archives/vulnwatch/…	mailing-listx_refsource_VULNWATCH

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T01:43:34.875Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20030224 Terminal Emulator Security Issues",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=104612710031920\u0026w=2"
          },
          {
            "name": "terminal-emulator-window-title(11414)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "http://www.iss.net/security_center/static/11414.php"
          },
          {
            "name": "20030224 Terminal Emulator Security Issues",
            "tags": [
              "mailing-list",
              "x_refsource_VULNWATCH",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2003-02-24T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The aterm terminal emulator 0.42 allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user\u0027s terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2009-01-02T00:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20030224 Terminal Emulator Security Issues",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=104612710031920\u0026w=2"
        },
        {
          "name": "terminal-emulator-window-title(11414)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "http://www.iss.net/security_center/static/11414.php"
        },
        {
          "name": "20030224 Terminal Emulator Security Issues",
          "tags": [
            "mailing-list",
            "x_refsource_VULNWATCH"
          ],
          "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2003-0067",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The aterm terminal emulator 0.42 allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user\u0027s terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20030224 Terminal Emulator Security Issues",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=104612710031920\u0026w=2"
            },
            {
              "name": "terminal-emulator-window-title(11414)",
              "refsource": "XF",
              "url": "http://www.iss.net/security_center/static/11414.php"
            },
            {
              "name": "20030224 Terminal Emulator Security Issues",
              "refsource": "VULNWATCH",
              "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2003-0067",
    "datePublished": "2004-09-01T04:00:00",
    "dateReserved": "2003-02-04T00:00:00",
    "dateUpdated": "2024-08-08T01:43:34.875Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2003-0024 (GCVE-0-2003-0024)

Vulnerability from cvelistv5 – Published: 2004-09-01 04:00 – Updated: 2024-08-08 01:36

Summary

The menuBar feature in aterm 0.42 allows attackers to modify menu options and execute arbitrary commands via a certain character escape sequence that inserts the commands into the menu.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

mitre

References

URL

Tags

	http://www.securityfocus.com/bid/6949	vdb-entryx_refsource_BID
	http://marc.info/?l=bugtraq&m=104612710031920&w=2	mailing-listx_refsource_BUGTRAQ
	http://archives.neohapsis.com/archives/vulnwatch/…	mailing-listx_refsource_VULNWATCH
	http://www.iss.net/security_center/static/11416.php	vdb-entryx_refsource_XF

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T01:36:25.435Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "6949",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/6949"
          },
          {
            "name": "20030224 Terminal Emulator Security Issues",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=104612710031920\u0026w=2"
          },
          {
            "name": "20030224 Terminal Emulator Security Issues",
            "tags": [
              "mailing-list",
              "x_refsource_VULNWATCH",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html"
          },
          {
            "name": "terminal-emulator-menu-modification(11416)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "http://www.iss.net/security_center/static/11416.php"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2003-02-24T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The menuBar feature in aterm 0.42 allows attackers to modify menu options and execute arbitrary commands via a certain character escape sequence that inserts the commands into the menu."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2009-01-02T00:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "6949",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/6949"
        },
        {
          "name": "20030224 Terminal Emulator Security Issues",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=104612710031920\u0026w=2"
        },
        {
          "name": "20030224 Terminal Emulator Security Issues",
          "tags": [
            "mailing-list",
            "x_refsource_VULNWATCH"
          ],
          "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html"
        },
        {
          "name": "terminal-emulator-menu-modification(11416)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "http://www.iss.net/security_center/static/11416.php"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2003-0024",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The menuBar feature in aterm 0.42 allows attackers to modify menu options and execute arbitrary commands via a certain character escape sequence that inserts the commands into the menu."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "6949",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/6949"
            },
            {
              "name": "20030224 Terminal Emulator Security Issues",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=104612710031920\u0026w=2"
            },
            {
              "name": "20030224 Terminal Emulator Security Issues",
              "refsource": "VULNWATCH",
              "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html"
            },
            {
              "name": "terminal-emulator-menu-modification(11416)",
              "refsource": "XF",
              "url": "http://www.iss.net/security_center/static/11416.php"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2003-0024",
    "datePublished": "2004-09-01T04:00:00",
    "dateReserved": "2003-01-07T00:00:00",
    "dateUpdated": "2024-08-08T01:36:25.435Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2008-1142 (GCVE-0-2008-1142)

Vulnerability from nvd – Published: 2008-04-07 17:00 – Updated: 2024-08-07 08:08

Summary

rxvt 2.6.4 opens a terminal window on :0 if the DISPLAY environment variable is not set, which might allow local users to hijack X11 connections. NOTE: it was later reported that rxvt-unicode, mrxvt, aterm, multi-aterm, and wterm are also affected. NOTE: realistic attack scenarios require that the victim enters a command on the wrong machine.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

mitre

References

URL

Tags

	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://article.gmane.org/gmane.comp.security.oss.…	x_refsource_MISC
	http://secunia.com/advisories/30226	third-party-advisoryx_refsource_SECUNIA
	http://www.securityfocus.com/bid/28512	vdb-entryx_refsource_BID
	http://secunia.com/advisories/30229	third-party-advisoryx_refsource_SECUNIA
	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=469296	x_refsource_CONFIRM
	http://secunia.com/advisories/31687	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/30225	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/30227	third-party-advisoryx_refsource_SECUNIA
	http://security.gentoo.org/glsa/glsa-200805-03.xml	vendor-advisoryx_refsource_GENTOO
	http://secunia.com/advisories/30224	third-party-advisoryx_refsource_SECUNIA
	http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA
	http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA
	http://secunia.com/advisories/29576	third-party-advisoryx_refsource_SECUNIA

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T08:08:57.701Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "SUSE-SR:2008:017",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://article.gmane.org/gmane.comp.security.oss.general/122"
          },
          {
            "name": "30226",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30226"
          },
          {
            "name": "28512",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/28512"
          },
          {
            "name": "30229",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30229"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=469296"
          },
          {
            "name": "31687",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31687"
          },
          {
            "name": "30225",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30225"
          },
          {
            "name": "30227",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30227"
          },
          {
            "name": "GLSA-200805-03",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200805-03.xml"
          },
          {
            "name": "30224",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30224"
          },
          {
            "name": "MDVSA-2008:161",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:161"
          },
          {
            "name": "MDVSA-2008:221",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:221"
          },
          {
            "name": "29576",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29576"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-03-04T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "rxvt 2.6.4 opens a terminal window on :0 if the DISPLAY environment variable is not set, which might allow local users to hijack X11 connections.  NOTE: it was later reported that rxvt-unicode, mrxvt, aterm, multi-aterm, and wterm are also affected.  NOTE: realistic attack scenarios require that the victim enters a command on the wrong machine."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2008-05-13T09:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "SUSE-SR:2008:017",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://article.gmane.org/gmane.comp.security.oss.general/122"
        },
        {
          "name": "30226",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30226"
        },
        {
          "name": "28512",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/28512"
        },
        {
          "name": "30229",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30229"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=469296"
        },
        {
          "name": "31687",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31687"
        },
        {
          "name": "30225",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30225"
        },
        {
          "name": "30227",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30227"
        },
        {
          "name": "GLSA-200805-03",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200805-03.xml"
        },
        {
          "name": "30224",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30224"
        },
        {
          "name": "MDVSA-2008:161",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:161"
        },
        {
          "name": "MDVSA-2008:221",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:221"
        },
        {
          "name": "29576",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29576"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-1142",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "rxvt 2.6.4 opens a terminal window on :0 if the DISPLAY environment variable is not set, which might allow local users to hijack X11 connections.  NOTE: it was later reported that rxvt-unicode, mrxvt, aterm, multi-aterm, and wterm are also affected.  NOTE: realistic attack scenarios require that the victim enters a command on the wrong machine."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "SUSE-SR:2008:017",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html"
            },
            {
              "name": "http://article.gmane.org/gmane.comp.security.oss.general/122",
              "refsource": "MISC",
              "url": "http://article.gmane.org/gmane.comp.security.oss.general/122"
            },
            {
              "name": "30226",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30226"
            },
            {
              "name": "28512",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/28512"
            },
            {
              "name": "30229",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30229"
            },
            {
              "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=469296",
              "refsource": "CONFIRM",
              "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=469296"
            },
            {
              "name": "31687",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/31687"
            },
            {
              "name": "30225",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30225"
            },
            {
              "name": "30227",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30227"
            },
            {
              "name": "GLSA-200805-03",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200805-03.xml"
            },
            {
              "name": "30224",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30224"
            },
            {
              "name": "MDVSA-2008:161",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:161"
            },
            {
              "name": "MDVSA-2008:221",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:221"
            },
            {
              "name": "29576",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29576"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-1142",
    "datePublished": "2008-04-07T17:00:00",
    "dateReserved": "2008-03-04T00:00:00",
    "dateUpdated": "2024-08-07T08:08:57.701Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2003-0067 (GCVE-0-2003-0067)

Vulnerability from nvd – Published: 2004-09-01 04:00 – Updated: 2024-08-08 01:43

Summary

The aterm terminal emulator 0.42 allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

mitre

References

URL

Tags

	http://marc.info/?l=bugtraq&m=104612710031920&w=2	mailing-listx_refsource_BUGTRAQ
	http://www.iss.net/security_center/static/11414.php	vdb-entryx_refsource_XF
	http://archives.neohapsis.com/archives/vulnwatch/…	mailing-listx_refsource_VULNWATCH

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T01:43:34.875Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20030224 Terminal Emulator Security Issues",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=104612710031920\u0026w=2"
          },
          {
            "name": "terminal-emulator-window-title(11414)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "http://www.iss.net/security_center/static/11414.php"
          },
          {
            "name": "20030224 Terminal Emulator Security Issues",
            "tags": [
              "mailing-list",
              "x_refsource_VULNWATCH",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2003-02-24T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The aterm terminal emulator 0.42 allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user\u0027s terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2009-01-02T00:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20030224 Terminal Emulator Security Issues",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=104612710031920\u0026w=2"
        },
        {
          "name": "terminal-emulator-window-title(11414)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "http://www.iss.net/security_center/static/11414.php"
        },
        {
          "name": "20030224 Terminal Emulator Security Issues",
          "tags": [
            "mailing-list",
            "x_refsource_VULNWATCH"
          ],
          "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2003-0067",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The aterm terminal emulator 0.42 allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user\u0027s terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20030224 Terminal Emulator Security Issues",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=104612710031920\u0026w=2"
            },
            {
              "name": "terminal-emulator-window-title(11414)",
              "refsource": "XF",
              "url": "http://www.iss.net/security_center/static/11414.php"
            },
            {
              "name": "20030224 Terminal Emulator Security Issues",
              "refsource": "VULNWATCH",
              "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2003-0067",
    "datePublished": "2004-09-01T04:00:00",
    "dateReserved": "2003-02-04T00:00:00",
    "dateUpdated": "2024-08-08T01:43:34.875Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2003-0024 (GCVE-0-2003-0024)

Vulnerability from nvd – Published: 2004-09-01 04:00 – Updated: 2024-08-08 01:36

Summary

The menuBar feature in aterm 0.42 allows attackers to modify menu options and execute arbitrary commands via a certain character escape sequence that inserts the commands into the menu.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

mitre

References

URL

Tags

	http://www.securityfocus.com/bid/6949	vdb-entryx_refsource_BID
	http://marc.info/?l=bugtraq&m=104612710031920&w=2	mailing-listx_refsource_BUGTRAQ
	http://archives.neohapsis.com/archives/vulnwatch/…	mailing-listx_refsource_VULNWATCH
	http://www.iss.net/security_center/static/11416.php	vdb-entryx_refsource_XF

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T01:36:25.435Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "6949",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/6949"
          },
          {
            "name": "20030224 Terminal Emulator Security Issues",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=104612710031920\u0026w=2"
          },
          {
            "name": "20030224 Terminal Emulator Security Issues",
            "tags": [
              "mailing-list",
              "x_refsource_VULNWATCH",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html"
          },
          {
            "name": "terminal-emulator-menu-modification(11416)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "http://www.iss.net/security_center/static/11416.php"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2003-02-24T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The menuBar feature in aterm 0.42 allows attackers to modify menu options and execute arbitrary commands via a certain character escape sequence that inserts the commands into the menu."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2009-01-02T00:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "6949",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/6949"
        },
        {
          "name": "20030224 Terminal Emulator Security Issues",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=104612710031920\u0026w=2"
        },
        {
          "name": "20030224 Terminal Emulator Security Issues",
          "tags": [
            "mailing-list",
            "x_refsource_VULNWATCH"
          ],
          "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html"
        },
        {
          "name": "terminal-emulator-menu-modification(11416)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "http://www.iss.net/security_center/static/11416.php"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2003-0024",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The menuBar feature in aterm 0.42 allows attackers to modify menu options and execute arbitrary commands via a certain character escape sequence that inserts the commands into the menu."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "6949",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/6949"
            },
            {
              "name": "20030224 Terminal Emulator Security Issues",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=104612710031920\u0026w=2"
            },
            {
              "name": "20030224 Terminal Emulator Security Issues",
              "refsource": "VULNWATCH",
              "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html"
            },
            {
              "name": "terminal-emulator-menu-modification(11416)",
              "refsource": "XF",
              "url": "http://www.iss.net/security_center/static/11416.php"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2003-0024",
    "datePublished": "2004-09-01T04:00:00",
    "dateReserved": "2003-01-07T00:00:00",
    "dateUpdated": "2024-08-08T01:36:25.435Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Search criteria

9 vulnerabilities found for aterm by aterm

FKIE_CVE-2008-1142

FKIE_CVE-2003-0067

FKIE_CVE-2003-0024

CVE-2008-1142 (GCVE-0-2008-1142)

CVE-2003-0067 (GCVE-0-2003-0067)

CVE-2003-0024 (GCVE-0-2003-0024)

CVE-2008-1142 (GCVE-0-2008-1142)

CVE-2003-0067 (GCVE-0-2003-0067)

CVE-2003-0024 (GCVE-0-2003-0024)