All the vulnerabilites related to rxvt - rxvt
Vulnerability from fkie_nvd
Published
1996-01-02 05:00
Modified
2024-11-20 23:30
Severity ?
Summary
rxvt, when compiled with the PRINT_PIPE option in various Linux operating systems including Linux Slackware 3.0 and RedHat 2.1, allows local users to gain root privileges by specifying a malicious program using the -print-pipe command line parameter.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:rxvt:rxvt:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A9305637-EC79-4BD5-82FC-A1DF3A3D32F3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:linux:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "674066BB-2576-4AAE-B97F-A4470815F1AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:slackware:slackware_linux:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FFC0D816-7D38-4CE1-B78C-3A02195713D5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "rxvt, when compiled with the PRINT_PIPE option in various Linux operating systems including Linux Slackware 3.0 and RedHat 2.1, allows local users to gain root privileges by specifying a malicious program using the -print-pipe command line parameter."
}
],
"id": "CVE-1999-1186",
"lastModified": "2024-11-20T23:30:30.870",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "1996-01-02T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=87602167418966\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=87602167418966\u0026w=2"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2003-03-03 05:00
Modified
2024-11-20 23:43
Severity ?
Summary
The menuBar feature in rxvt 2.7.8 allows attackers to modify menu options and execute arbitrary commands via a certain character escape sequence that inserts the commands into the menu.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:rxvt:rxvt:2.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E5CE4F28-5C30-4A54-8A4B-3FA6B01F1467",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rxvt:rxvt:2.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5BA71D83-EA61-4B68-9D71-40E660C8E9E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rxvt:rxvt:2.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EB750075-F614-40BA-B26D-CA3826A1B865",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rxvt:rxvt:2.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "31FE05CF-F5F3-4F11-853A-36D4A4CA8FD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rxvt:rxvt:2.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "16BC9337-A01B-402D-A9A0-AAE0B49355BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rxvt:rxvt:2.7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "ED803842-E280-4998-BD7C-CF8048304FE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rxvt:rxvt:2.7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "779E9DE5-58AC-4441-8925-3ADC1E042A8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rxvt:rxvt:2.7.8:*:*:*:*:*:*:*",
"matchCriteriaId": "287104DA-18C9-400C-B23C-CD569E5F11C5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The menuBar feature in rxvt 2.7.8 allows attackers to modify menu options and execute arbitrary commands via a certain character escape sequence that inserts the commands into the menu."
},
{
"lang": "es",
"value": "La caracter\u00edstica \"menuBar\" en rxvt 2.7.8 permite a atacantes modificar opciones de men\u00fa y ejecutar comandos arbitrarios mediante una cierta secuencia de caracteres de escape que inserta comandos en el men\u00fa."
}
],
"id": "CVE-2003-0023",
"lastModified": "2024-11-20T23:43:45.713",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2003-03-03T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=104612710031920\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.iss.net/security_center/static/11416.php"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:034"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2003-054.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2003-055.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/6947"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=104612710031920\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.iss.net/security_center/static/11416.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:034"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2003-054.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2003-055.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/6947"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-04-07 17:44
Modified
2024-11-21 00:43
Severity ?
Summary
rxvt 2.6.4 opens a terminal window on :0 if the DISPLAY environment variable is not set, which might allow local users to hijack X11 connections. NOTE: it was later reported that rxvt-unicode, mrxvt, aterm, multi-aterm, and wterm are also affected. NOTE: realistic attack scenarios require that the victim enters a command on the wrong machine.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:aterm:aterm:*:*:*:*:*:*:*:*",
"matchCriteriaId": "906079C8-6164-4E15-A171-759A9C2D33CB",
"versionEndIncluding": "1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:aterm:aterm:0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CBFE971D-9704-411B-89EC-2BE46D7E4930",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:aterm:aterm:0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "65887C4E-3B44-4AA6-919B-88D987C440E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:aterm:aterm:0.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07EF6773-1416-444A-9CCB-00459BBF30DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:aterm:aterm:0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3EB4F3E9-B8C3-4DBB-8686-AEB36D0D7A8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:aterm:aterm:0.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A9CDB7D2-1EB3-4E08-BFEC-572720079B9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:aterm:aterm:0.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A65ADF9D-8591-4046-809E-090B13098E62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:aterm:aterm:0.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "06C17CD8-84FA-4A07-A5B3-C3D3CFD701DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:aterm:aterm:0.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8C6E8374-C6AF-4BF0-8F08-1DFB788FB1ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:aterm:aterm:0.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "438FCC6C-14F7-4E09-A83D-CB09A4C087F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:aterm:aterm:0.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "65DE72EB-BCB3-44D7-84B8-25C098D79ABC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:aterm:aterm:0.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7237B6AB-CA2C-4F4E-812F-5A5B466E946A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:aterm:aterm:0.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "48413ADC-4E8B-4030-919F-06DDB10FEB70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:aterm:aterm:0.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1FDB25A3-56B5-4C4C-83CA-8CAB21E03371",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:aterm:aterm:1.00:beta1:*:*:*:*:*:*",
"matchCriteriaId": "0EB2756B-E373-475A-AC3F-0D4357BB7410",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:aterm:aterm:1.00:beta2:*:*:*:*:*:*",
"matchCriteriaId": "6814E277-848C-4B8B-83A7-7E72B0EBC906",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:aterm:aterm:1.00:beta3:*:*:*:*:*:*",
"matchCriteriaId": "E13A6D13-157C-4A9C-9D79-D4C3418A3867",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:aterm:aterm:1.00:beta4:*:*:*:*:*:*",
"matchCriteriaId": "5CE84A43-27D4-41AB-BFD0-3986137E2748",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:eterm:eterm:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2367DBAD-54A6-4ADA-83A1-F7DBC3813500",
"versionEndIncluding": "0.9.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:eterm:eterm:0.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF3630F-CE7F-4A04-8094-1E692D32DF64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mrxvt:mrxvt:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EDEA3F78-F92B-45E2-9406-FDB58FA43021",
"versionEndIncluding": "0.5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mrxvt:mrxvt:0.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0C1645E2-E752-4D1B-887D-61A54E165C6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:multi-aterm:multi-aterm:*:*:*:*:*:*:*:*",
"matchCriteriaId": "60168674-59D0-42E9-AF75-59E1D67C392D",
"versionEndIncluding": "0.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:multi-aterm:multi-aterm:0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "36C575E5-6D9B-48A1-A756-304D8EC480C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:multi-aterm:multi-aterm:0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A6B4F027-019B-4C38-BD32-FDC6CF6F27F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:multi-aterm:multi-aterm:0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "019BA414-15C4-46F5-830F-1EC910C65B67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:multi-aterm:multi-aterm:0.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "CEE85183-4BD5-45CA-9723-4EE635D61EE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:multi-aterm:multi-aterm:0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "51D5D44E-8936-4B6D-8A83-839F3A0FBE59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rxvt:rxvt:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8BB2370B-7366-4291-B602-26342194094C",
"versionEndIncluding": "2.7.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rxvt:rxvt:2.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E5CE4F28-5C30-4A54-8A4B-3FA6B01F1467",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rxvt:rxvt:2.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5BA71D83-EA61-4B68-9D71-40E660C8E9E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rxvt:rxvt:2.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EB750075-F614-40BA-B26D-CA3826A1B865",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rxvt:rxvt:2.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "31FE05CF-F5F3-4F11-853A-36D4A4CA8FD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rxvt:rxvt:2.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "16BC9337-A01B-402D-A9A0-AAE0B49355BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rxvt:rxvt:2.7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "ED803842-E280-4998-BD7C-CF8048304FE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rxvt:rxvt:2.7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "779E9DE5-58AC-4441-8925-3ADC1E042A8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rxvt:rxvt:2.7.8:*:*:*:*:*:*:*",
"matchCriteriaId": "287104DA-18C9-400C-B23C-CD569E5F11C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rxvt-unicode:rxvt-unicode:*:*:*:*:*:*:*:*",
"matchCriteriaId": "02EDF05C-DE07-4C0C-878B-76DD7CFE0C28",
"versionEndIncluding": "9.01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rxvt-unicode:rxvt-unicode:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8CB9BC7D-3ABE-4262-A705-DAA17A527257",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rxvt-unicode:rxvt-unicode:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E86C5E10-4E22-4E5C-A2E5-575D291301BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rxvt-unicode:rxvt-unicode:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AFA17952-574A-48C3-BC45-B7B8242D89CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rxvt-unicode:rxvt-unicode:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "765462C7-1EE5-43BE-AD1E-4FEB74C486F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rxvt-unicode:rxvt-unicode:1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "499B59D2-8535-4A07-B221-AA26EAACAB31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rxvt-unicode:rxvt-unicode:1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B87E8504-8CF7-4AB4-A437-8D15D623EE2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rxvt-unicode:rxvt-unicode:1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "2EF5A78E-1CA2-47C3-AF35-0F4024F8C57D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rxvt-unicode:rxvt-unicode:1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "FB280BBD-663C-4F72-86F6-D67B65F14D97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rxvt-unicode:rxvt-unicode:1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "FEEF3E4C-0014-4062-BD27-11649D6DC022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rxvt-unicode:rxvt-unicode:1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "8AE654A2-DC0C-4764-92E9-45B1890ED9A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rxvt-unicode:rxvt-unicode:1.91:*:*:*:*:*:*:*",
"matchCriteriaId": "263D8B7E-046C-4C68-8FE0-6FE56DCC6140",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rxvt-unicode:rxvt-unicode:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "54383B98-264B-4C5C-9E0F-F06CFC200827",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rxvt-unicode:rxvt-unicode:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "550ED2B1-0273-407A-B9E2-8B219ECF5F73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rxvt-unicode:rxvt-unicode:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "ECC2A517-FFFF-4266-A900-36F09D2A0B1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rxvt-unicode:rxvt-unicode:2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "01B30E8A-FD5B-473D-AEDD-96CB8533CE91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rxvt-unicode:rxvt-unicode:2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "898BFA6D-1874-4DC0-8A23-196011EA6AB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rxvt-unicode:rxvt-unicode:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "542D823A-6321-4EC8-B580-27AC0FABA07D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rxvt-unicode:rxvt-unicode:2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "A78B12DC-F538-48B8-9097-A5B6E35190BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rxvt-unicode:rxvt-unicode:2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "13E67E56-F415-46E5-A147-19B18EC0CB47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rxvt-unicode:rxvt-unicode:2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "1263E928-4629-4627-9C48-3BEF8EA6A8C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rxvt-unicode:rxvt-unicode:2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "DC8A8C74-F783-4460-95B0-0F70DAAF1214",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rxvt-unicode:rxvt-unicode:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "60169CC8-A154-4250-BCE1-BCF05EDDE840",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rxvt-unicode:rxvt-unicode:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6CCD73D1-AEDE-4775-A242-B37078088577",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rxvt-unicode:rxvt-unicode:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C8BE74E8-AAE2-45B0-A27B-425130E94BB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rxvt-unicode:rxvt-unicode:3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C76CAB9D-C5E5-452C-9C0B-E5415AB650F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rxvt-unicode:rxvt-unicode:3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "81F5C9D0-F4B4-448D-930C-17B037C4AE07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rxvt-unicode:rxvt-unicode:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "830E5352-49B6-4941-91C2-03FF48AE6654",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rxvt-unicode:rxvt-unicode:3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "2E7B3932-0C64-4F0D-9C27-31F823958FC5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rxvt-unicode:rxvt-unicode:3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "CF8C6532-DE29-4071-9156-ABEFACA02BAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rxvt-unicode:rxvt-unicode:3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "CA0AFAF1-F061-4C0E-9550-206824C19466",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rxvt-unicode:rxvt-unicode:3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "5B410B3D-D43A-4A62-9CDB-69C4E16062DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rxvt-unicode:rxvt-unicode:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C25C6C41-3CD6-4FA8-8223-996B010A40E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rxvt-unicode:rxvt-unicode:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BADC5D37-AAB3-4709-A156-D2CDA3AB2D0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rxvt-unicode:rxvt-unicode:4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B6B96FCB-ABC8-4FBE-B386-4612B3FFF5D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rxvt-unicode:rxvt-unicode:4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E4014961-4950-4C2D-9FE8-EBB089F2D080",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rxvt-unicode:rxvt-unicode:4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C939A580-A0CA-4FC9-BCC0-1C7BAB6AB6F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rxvt-unicode:rxvt-unicode:4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "542D14EE-F1FD-4E1D-BB5E-0E71C3A79186",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rxvt-unicode:rxvt-unicode:4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "BEAF5AC0-C9F3-4096-8071-FDE918291C3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rxvt-unicode:rxvt-unicode:4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "E090BEAD-535D-4CC0-8AEF-C66F6C57657F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rxvt-unicode:rxvt-unicode:4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "9727CD66-4D54-4B80-843D-67BF421125A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rxvt-unicode:rxvt-unicode:4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "BCD5EBFB-B2B6-4E71-A2F7-2ECADFC99DB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rxvt-unicode:rxvt-unicode:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "931F6A8E-AC22-49A7-ABC8-F9E685C5DB4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rxvt-unicode:rxvt-unicode:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1BD68C4D-47E0-4325-9B7F-A73F455CD7C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rxvt-unicode:rxvt-unicode:5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "13C292CB-B53B-4E86-A994-D53154558E20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rxvt-unicode:rxvt-unicode:5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "07793F4F-477E-4606-B262-F8216DEEA8D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rxvt-unicode:rxvt-unicode:5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "37FD7AAA-D27C-4B16-995A-AEC044C9E7C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rxvt-unicode:rxvt-unicode:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F175B9E5-999F-4BBC-9B2C-AF71992ABE94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rxvt-unicode:rxvt-unicode:5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E73C64A4-5353-43D2-8E60-9222B5C2403D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rxvt-unicode:rxvt-unicode:5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "C262FB71-D4D4-4F1F-9D5A-5F948273EF73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rxvt-unicode:rxvt-unicode:5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "AB4F5155-562F-4923-8D21-B99A2E31BA05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rxvt-unicode:rxvt-unicode:5.9:*:*:*:*:*:*:*",
"matchCriteriaId": "99D71BA3-1491-46F7-B684-30BE37ED79C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rxvt-unicode:rxvt-unicode:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "045C0948-0D5C-4A91-B62A-5DA97A7CBCAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rxvt-unicode:rxvt-unicode:6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3F406B34-FFEE-4DF6-8720-C6CD0C786694",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rxvt-unicode:rxvt-unicode:6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E2AF031D-8BE0-4D26-98B2-B4484A5F1657",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rxvt-unicode:rxvt-unicode:6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DACCD55F-C3DC-4AE4-80F4-C873DCA3F763",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rxvt-unicode:rxvt-unicode:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6485D96D-95FE-4980-A476-922DBCCB362A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rxvt-unicode:rxvt-unicode:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4D867F5A-639B-4B4C-87F9-377869D925DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rxvt-unicode:rxvt-unicode:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2A906623-8A36-4211-98C4-4646A0489936",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rxvt-unicode:rxvt-unicode:7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4FFF2C26-2B05-4949-B87A-E1EC1D4A8FB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rxvt-unicode:rxvt-unicode:7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "EA4F3780-BBEB-4355-AFAD-7F69176ECF8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rxvt-unicode:rxvt-unicode:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "380F457A-E570-437E-8F23-B354C8BB15A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rxvt-unicode:rxvt-unicode:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "F3FCEEC1-7917-4A33-A7DF-6FB35065E8F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rxvt-unicode:rxvt-unicode:7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "713FF10E-813F-4089-88CF-AB1368CDE376",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rxvt-unicode:rxvt-unicode:7.8:*:*:*:*:*:*:*",
"matchCriteriaId": "7CB6F305-E6A6-4D74-BEF7-668FE6000529",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rxvt-unicode:rxvt-unicode:7.9:*:*:*:*:*:*:*",
"matchCriteriaId": "8484147E-0054-4819-940C-FBDF533D6422",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rxvt-unicode:rxvt-unicode:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "12B02585-2315-4143-BE33-47C509CE0D13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rxvt-unicode:rxvt-unicode:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B0EBB720-9AC9-42B4-80F7-2FF61020E58D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rxvt-unicode:rxvt-unicode:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DBA0D966-9748-4B03-9EA9-63CD3B6990F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rxvt-unicode:rxvt-unicode:8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C7475AFA-46FB-4035-97CB-0F37BCB7DD55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rxvt-unicode:rxvt-unicode:8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A12095D3-CB90-4EEF-B265-AE899BF0BCEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rxvt-unicode:rxvt-unicode:8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D91F0089-CBE6-4588-9BC0-E7947A050CDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rxvt-unicode:rxvt-unicode:8.5a:*:*:*:*:*:*:*",
"matchCriteriaId": "4F7DC56B-C888-4111-A000-27E34166EB95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rxvt-unicode:rxvt-unicode:8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "4A730D6E-327B-4E6C-9F38-6AC117EAED8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rxvt-unicode:rxvt-unicode:8.7:*:*:*:*:*:*:*",
"matchCriteriaId": "7521C5A1-0441-4132-92BB-0F4DD93C0BB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rxvt-unicode:rxvt-unicode:8.8:*:*:*:*:*:*:*",
"matchCriteriaId": "2ADB59B3-5C43-463B-B714-43264052134B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rxvt-unicode:rxvt-unicode:8.9:*:*:*:*:*:*:*",
"matchCriteriaId": "D98F8B98-71CB-421E-B2B5-4AF2C9B4BA5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rxvt-unicode:rxvt-unicode:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3347E60D-297F-425F-9644-9933650081BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wterm:wterm:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3F5A2D96-4DD9-43C8-BC2B-BF0C65820F3A",
"versionEndIncluding": "6.2.8a2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wterm:wterm:6.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "398586ED-E758-4D7A-B4D7-EDE57A044AFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wterm:wterm:6.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "21101465-3B77-441C-BC85-5E63E75A8D4B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "rxvt 2.6.4 opens a terminal window on :0 if the DISPLAY environment variable is not set, which might allow local users to hijack X11 connections. NOTE: it was later reported that rxvt-unicode, mrxvt, aterm, multi-aterm, and wterm are also affected. NOTE: realistic attack scenarios require that the victim enters a command on the wrong machine."
},
{
"lang": "es",
"value": "Rxvt versi\u00f3n 2.6.4 abre una ventana terminal en :0 si no se establece la variable de entorno DISPLAY, lo que podr\u00eda permitir a los usuarios locales secuestrar conexiones X11. NOTA: m\u00e1s tarde se inform\u00f3 que rxvt-unicode, mrxvt, aterm, multi-aterm y wterm tambi\u00e9n se ven afectados. NOTA: escenarios de ataque realistas requieren que la v\u00edctima ingrese un comando en la m\u00e1quina incorrecta"
}
],
"id": "CVE-2008-1142",
"lastModified": "2024-11-21T00:43:46.640",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.7,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 1.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2008-04-07T17:44:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://article.gmane.org/gmane.comp.security.oss.general/122"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=469296"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29576"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30224"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30225"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30226"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30227"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30229"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/31687"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-200805-03.xml"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:161"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:221"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/28512"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://article.gmane.org/gmane.comp.security.oss.general/122"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=469296"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29576"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30224"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30225"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30226"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30227"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/30229"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/31687"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200805-03.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:161"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:221"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/28512"
}
],
"sourceIdentifier": "cve@mitre.org",
"vendorComments": [
{
"comment": "Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2008-1142\n\nThis issue does not affect Red Hat Enterprise Linux 3, 4, or 5.\n\nThe Red Hat Security Response Team has rated this issue as having low security impact. Due to the minimal security consequences of this issue, we do not intend to fix this in Red Hat Enterprise Linux 2.1. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/",
"lastModified": "2008-04-14T00:00:00",
"organization": "Red Hat"
}
],
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2003-03-03 05:00
Modified
2024-11-20 23:43
Severity ?
Summary
The rxvt terminal emulator 2.7.8 and earlier allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:rxvt:rxvt:2.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E5CE4F28-5C30-4A54-8A4B-3FA6B01F1467",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rxvt:rxvt:2.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5BA71D83-EA61-4B68-9D71-40E660C8E9E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rxvt:rxvt:2.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EB750075-F614-40BA-B26D-CA3826A1B865",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rxvt:rxvt:2.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "31FE05CF-F5F3-4F11-853A-36D4A4CA8FD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rxvt:rxvt:2.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "16BC9337-A01B-402D-A9A0-AAE0B49355BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rxvt:rxvt:2.7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "ED803842-E280-4998-BD7C-CF8048304FE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rxvt:rxvt:2.7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "779E9DE5-58AC-4441-8925-3ADC1E042A8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rxvt:rxvt:2.7.8:*:*:*:*:*:*:*",
"matchCriteriaId": "287104DA-18C9-400C-B23C-CD569E5F11C5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The rxvt terminal emulator 2.7.8 and earlier allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user\u0027s terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands."
},
{
"lang": "es",
"value": "El emulador de terminal rxvt 2.7.8 permite a atacantes modificar el t\u00edtulo de la ventana mediante cierta secuencia de car\u00e1cter de escape, y a continuaci\u00f3n volver a insertarlo en la l\u00ednea de comandos del terminal del usuario, lo que podr\u00eda permitir al atacante ejecutar comandos arbitrarios."
}
],
"id": "CVE-2003-0066",
"lastModified": "2024-11-20T23:43:52.093",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2003-03-03T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=104612710031920\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.iss.net/security_center/static/11414.php"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:003"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2003-054.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2003-055.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/advisories/5137"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/6953"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=104612710031920\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.iss.net/security_center/static/11414.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:003"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2003-054.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2003-055.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/advisories/5137"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/6953"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2003-03-03 05:00
Modified
2024-11-20 23:43
Severity ?
Summary
The "screen dump" feature in rxvt 2.7.8 allows attackers to overwrite arbitrary files via a certain character escape sequence when it is echoed to a user's terminal, e.g. when the user views a file containing the malicious sequence.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:rxvt:rxvt:2.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E5CE4F28-5C30-4A54-8A4B-3FA6B01F1467",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rxvt:rxvt:2.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5BA71D83-EA61-4B68-9D71-40E660C8E9E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rxvt:rxvt:2.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EB750075-F614-40BA-B26D-CA3826A1B865",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rxvt:rxvt:2.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "31FE05CF-F5F3-4F11-853A-36D4A4CA8FD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rxvt:rxvt:2.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "16BC9337-A01B-402D-A9A0-AAE0B49355BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rxvt:rxvt:2.7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "ED803842-E280-4998-BD7C-CF8048304FE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rxvt:rxvt:2.7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "779E9DE5-58AC-4441-8925-3ADC1E042A8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rxvt:rxvt:2.7.8:*:*:*:*:*:*:*",
"matchCriteriaId": "287104DA-18C9-400C-B23C-CD569E5F11C5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The \"screen dump\" feature in rxvt 2.7.8 allows attackers to overwrite arbitrary files via a certain character escape sequence when it is echoed to a user\u0027s terminal, e.g. when the user views a file containing the malicious sequence."
},
{
"lang": "es",
"value": "La caracter\u00edstica \"volcado de pantalla\" en rxvt 2.7.8 permite a atacantes sobreescribir ficheros arbitrarios mediante una cierta secuencia de escape de caracteres cuando se hace eco en el terminal de un usuario, por ejemplo cuando el usuario ve un fichero conteniendo la secuencia maliciosa."
}
],
"id": "CVE-2003-0022",
"lastModified": "2024-11-20T23:43:45.570",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2003-03-03T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=104612710031920\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.iss.net/security_center/static/11413.php"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:034"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2003-054.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2003-055.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/6938"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=104612710031920\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.iss.net/security_center/static/11413.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:034"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2003-054.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2003-055.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/6938"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2000-06-01 04:00
Modified
2024-11-20 23:32
Severity ?
Summary
xterm, Eterm, and rxvt allow an attacker to cause a denial of service by embedding certain escape characters which force the window to be resized.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| michael_jennings | eterm | 0.8.10 | |
| putty | putty | 0.48 | |
| rxvt | rxvt | 2.6.1 | |
| xfree86_project | x11r6 | 3.3.3 | |
| xfree86_project | x11r6 | 4.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:michael_jennings:eterm:0.8.10:*:*:*:*:*:*:*",
"matchCriteriaId": "B33FE201-759E-4EE4-B19E-A25E6FBD711B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:putty:putty:0.48:*:*:*:*:*:*:*",
"matchCriteriaId": "1283B462-042C-4857-A700-4179AAE20E2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rxvt:rxvt:2.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E5CE4F28-5C30-4A54-8A4B-3FA6B01F1467",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xfree86_project:x11r6:3.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C104B02C-3F3B-4DB4-8A1D-65A7DAA380EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xfree86_project:x11r6:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F33E5444-E178-4F49-BDA1-DE576D8526EE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "xterm, Eterm, and rxvt allow an attacker to cause a denial of service by embedding certain escape characters which force the window to be resized."
}
],
"id": "CVE-2000-0476",
"lastModified": "2024-11-20T23:32:35.640",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2000-06-01T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-05/0409.html"
},
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-05/0420.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2024/06/09/1"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2024/06/09/2"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/1298"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-05/0409.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-05/0420.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2024/06/09/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2024/06/09/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/1298"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2001-06-15 04:00
Modified
2024-11-20 23:36
Severity ?
Summary
Buffer overflow in tt_printf function of rxvt 2.6.2 allows local users to gain privileges via a long (1) -T or (2) -name argument.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:rxvt:rxvt:2.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5BA71D83-EA61-4B68-9D71-40E660C8E9E9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in tt_printf function of rxvt 2.6.2 allows local users to gain privileges via a long (1) -T or (2) -name argument."
}
],
"id": "CVE-2001-1077",
"lastModified": "2024-11-20T23:36:49.153",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2001-06-15T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-028-01"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2001/dsa-062"
},
{
"source": "cve@mitre.org",
"url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-060.php"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/archive/1/191510"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/2878"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6701"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-028-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2001/dsa-062"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-060.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/archive/1/191510"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/2878"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6701"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2001-1077
Vulnerability from cvelistv5
Published
2002-02-02 05:00
Modified
2024-08-08 04:44
Severity ?
EPSS score ?
Summary
Buffer overflow in tt_printf function of rxvt 2.6.2 allows local users to gain privileges via a long (1) -T or (2) -name argument.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/2878 | vdb-entry, x_refsource_BID | |
| http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-060.php | vendor-advisory, x_refsource_MANDRAKE | |
| http://www.securityfocus.com/archive/1/191510 | mailing-list, x_refsource_BUGTRAQ | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/6701 | vdb-entry, x_refsource_XF | |
| http://www.debian.org/security/2001/dsa-062 | vendor-advisory, x_refsource_DEBIAN | |
| http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-028-01 | vendor-advisory, x_refsource_IMMUNIX |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:44:07.816Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "2878",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/2878"
},
{
"name": "MDKSA-2001:060",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-060.php"
},
{
"name": "20010615 Rxvt vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/191510"
},
{
"name": "rxvt-ttprintf-bo(6701)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6701"
},
{
"name": "DSA-062",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2001/dsa-062"
},
{
"name": "IMNX-2001-70-028-01",
"tags": [
"vendor-advisory",
"x_refsource_IMMUNIX",
"x_transferred"
],
"url": "http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-028-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-06-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in tt_printf function of rxvt 2.6.2 allows local users to gain privileges via a long (1) -T or (2) -name argument."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-18T21:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "2878",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/2878"
},
{
"name": "MDKSA-2001:060",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-060.php"
},
{
"name": "20010615 Rxvt vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/191510"
},
{
"name": "rxvt-ttprintf-bo(6701)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6701"
},
{
"name": "DSA-062",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2001/dsa-062"
},
{
"name": "IMNX-2001-70-028-01",
"tags": [
"vendor-advisory",
"x_refsource_IMMUNIX"
],
"url": "http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-028-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-1077",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in tt_printf function of rxvt 2.6.2 allows local users to gain privileges via a long (1) -T or (2) -name argument."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "2878",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/2878"
},
{
"name": "MDKSA-2001:060",
"refsource": "MANDRAKE",
"url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-060.php"
},
{
"name": "20010615 Rxvt vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/191510"
},
{
"name": "rxvt-ttprintf-bo(6701)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6701"
},
{
"name": "DSA-062",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2001/dsa-062"
},
{
"name": "IMNX-2001-70-028-01",
"refsource": "IMMUNIX",
"url": "http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-028-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-1077",
"datePublished": "2002-02-02T05:00:00",
"dateReserved": "2002-01-31T00:00:00",
"dateUpdated": "2024-08-08T04:44:07.816Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-1999-1186
Vulnerability from cvelistv5
Published
2001-09-12 04:00
Modified
2024-08-01 17:02
Severity ?
EPSS score ?
Summary
rxvt, when compiled with the PRINT_PIPE option in various Linux operating systems including Linux Slackware 3.0 and RedHat 2.1, allows local users to gain root privileges by specifying a malicious program using the -print-pipe command line parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| http://marc.info/?l=bugtraq&m=87602167418966&w=2 | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T17:02:53.866Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "19960102 rxvt security hole",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=87602167418966\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "1996-01-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "rxvt, when compiled with the PRINT_PIPE option in various Linux operating systems including Linux Slackware 3.0 and RedHat 2.1, allows local users to gain root privileges by specifying a malicious program using the -print-pipe command line parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "19960102 rxvt security hole",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=87602167418966\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-1186",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "rxvt, when compiled with the PRINT_PIPE option in various Linux operating systems including Linux Slackware 3.0 and RedHat 2.1, allows local users to gain root privileges by specifying a malicious program using the -print-pipe command line parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19960102 rxvt security hole",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=87602167418966\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-1999-1186",
"datePublished": "2001-09-12T04:00:00",
"dateReserved": "2001-08-31T00:00:00",
"dateUpdated": "2024-08-01T17:02:53.866Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2003-0023
Vulnerability from cvelistv5
Published
2004-09-01 04:00
Modified
2024-08-08 01:36
Severity ?
EPSS score ?
Summary
The menuBar feature in rxvt 2.7.8 allows attackers to modify menu options and execute arbitrary commands via a certain character escape sequence that inserts the commands into the menu.
References
| ▼ | URL | Tags |
|---|---|---|
| http://marc.info/?l=bugtraq&m=104612710031920&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.redhat.com/support/errata/RHSA-2003-054.html | vendor-advisory, x_refsource_REDHAT | |
| http://www.redhat.com/support/errata/RHSA-2003-055.html | vendor-advisory, x_refsource_REDHAT | |
| http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:034 | vendor-advisory, x_refsource_MANDRAKE | |
| http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html | mailing-list, x_refsource_VULNWATCH | |
| http://www.securityfocus.com/bid/6947 | vdb-entry, x_refsource_BID | |
| http://www.iss.net/security_center/static/11416.php | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:36:25.305Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20030224 Terminal Emulator Security Issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=104612710031920\u0026w=2"
},
{
"name": "RHSA-2003:054",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-054.html"
},
{
"name": "RHSA-2003:055",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-055.html"
},
{
"name": "MDKSA-2003:034",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:034"
},
{
"name": "20030224 Terminal Emulator Security Issues",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html"
},
{
"name": "6947",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/6947"
},
{
"name": "terminal-emulator-menu-modification(11416)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/11416.php"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-02-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The menuBar feature in rxvt 2.7.8 allows attackers to modify menu options and execute arbitrary commands via a certain character escape sequence that inserts the commands into the menu."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-01-02T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20030224 Terminal Emulator Security Issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=104612710031920\u0026w=2"
},
{
"name": "RHSA-2003:054",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-054.html"
},
{
"name": "RHSA-2003:055",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-055.html"
},
{
"name": "MDKSA-2003:034",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:034"
},
{
"name": "20030224 Terminal Emulator Security Issues",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html"
},
{
"name": "6947",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/6947"
},
{
"name": "terminal-emulator-menu-modification(11416)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/11416.php"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0023",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The menuBar feature in rxvt 2.7.8 allows attackers to modify menu options and execute arbitrary commands via a certain character escape sequence that inserts the commands into the menu."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20030224 Terminal Emulator Security Issues",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=104612710031920\u0026w=2"
},
{
"name": "RHSA-2003:054",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-054.html"
},
{
"name": "RHSA-2003:055",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-055.html"
},
{
"name": "MDKSA-2003:034",
"refsource": "MANDRAKE",
"url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:034"
},
{
"name": "20030224 Terminal Emulator Security Issues",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html"
},
{
"name": "6947",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6947"
},
{
"name": "terminal-emulator-menu-modification(11416)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/11416.php"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0023",
"datePublished": "2004-09-01T04:00:00",
"dateReserved": "2003-01-07T00:00:00",
"dateUpdated": "2024-08-08T01:36:25.305Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2003-0022
Vulnerability from cvelistv5
Published
2004-09-01 04:00
Modified
2024-08-08 01:36
Severity ?
EPSS score ?
Summary
The "screen dump" feature in rxvt 2.7.8 allows attackers to overwrite arbitrary files via a certain character escape sequence when it is echoed to a user's terminal, e.g. when the user views a file containing the malicious sequence.
References
| ▼ | URL | Tags |
|---|---|---|
| http://marc.info/?l=bugtraq&m=104612710031920&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.redhat.com/support/errata/RHSA-2003-054.html | vendor-advisory, x_refsource_REDHAT | |
| http://www.securityfocus.com/bid/6938 | vdb-entry, x_refsource_BID | |
| http://www.redhat.com/support/errata/RHSA-2003-055.html | vendor-advisory, x_refsource_REDHAT | |
| http://www.iss.net/security_center/static/11413.php | vdb-entry, x_refsource_XF | |
| http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:034 | vendor-advisory, x_refsource_MANDRAKE | |
| http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html | mailing-list, x_refsource_VULNWATCH |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:36:25.311Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20030224 Terminal Emulator Security Issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=104612710031920\u0026w=2"
},
{
"name": "RHSA-2003:054",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-054.html"
},
{
"name": "6938",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/6938"
},
{
"name": "RHSA-2003:055",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-055.html"
},
{
"name": "terminal-emulator-screen-dump(11413)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/11413.php"
},
{
"name": "MDKSA-2003:034",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:034"
},
{
"name": "20030224 Terminal Emulator Security Issues",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-02-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The \"screen dump\" feature in rxvt 2.7.8 allows attackers to overwrite arbitrary files via a certain character escape sequence when it is echoed to a user\u0027s terminal, e.g. when the user views a file containing the malicious sequence."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-01-02T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20030224 Terminal Emulator Security Issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=104612710031920\u0026w=2"
},
{
"name": "RHSA-2003:054",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-054.html"
},
{
"name": "6938",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/6938"
},
{
"name": "RHSA-2003:055",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-055.html"
},
{
"name": "terminal-emulator-screen-dump(11413)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/11413.php"
},
{
"name": "MDKSA-2003:034",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:034"
},
{
"name": "20030224 Terminal Emulator Security Issues",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0022",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The \"screen dump\" feature in rxvt 2.7.8 allows attackers to overwrite arbitrary files via a certain character escape sequence when it is echoed to a user\u0027s terminal, e.g. when the user views a file containing the malicious sequence."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20030224 Terminal Emulator Security Issues",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=104612710031920\u0026w=2"
},
{
"name": "RHSA-2003:054",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-054.html"
},
{
"name": "6938",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6938"
},
{
"name": "RHSA-2003:055",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-055.html"
},
{
"name": "terminal-emulator-screen-dump(11413)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/11413.php"
},
{
"name": "MDKSA-2003:034",
"refsource": "MANDRAKE",
"url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:034"
},
{
"name": "20030224 Terminal Emulator Security Issues",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0022",
"datePublished": "2004-09-01T04:00:00",
"dateReserved": "2003-01-07T00:00:00",
"dateUpdated": "2024-08-08T01:36:25.311Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-1142
Vulnerability from cvelistv5
Published
2008-04-07 17:00
Modified
2024-08-07 08:08
Severity ?
EPSS score ?
Summary
rxvt 2.6.4 opens a terminal window on :0 if the DISPLAY environment variable is not set, which might allow local users to hijack X11 connections. NOTE: it was later reported that rxvt-unicode, mrxvt, aterm, multi-aterm, and wterm are also affected. NOTE: realistic attack scenarios require that the victim enters a command on the wrong machine.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:08:57.701Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SUSE-SR:2008:017",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://article.gmane.org/gmane.comp.security.oss.general/122"
},
{
"name": "30226",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30226"
},
{
"name": "28512",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28512"
},
{
"name": "30229",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30229"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=469296"
},
{
"name": "31687",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31687"
},
{
"name": "30225",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30225"
},
{
"name": "30227",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30227"
},
{
"name": "GLSA-200805-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200805-03.xml"
},
{
"name": "30224",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30224"
},
{
"name": "MDVSA-2008:161",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:161"
},
{
"name": "MDVSA-2008:221",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:221"
},
{
"name": "29576",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29576"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-03-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "rxvt 2.6.4 opens a terminal window on :0 if the DISPLAY environment variable is not set, which might allow local users to hijack X11 connections. NOTE: it was later reported that rxvt-unicode, mrxvt, aterm, multi-aterm, and wterm are also affected. NOTE: realistic attack scenarios require that the victim enters a command on the wrong machine."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2008-05-13T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "SUSE-SR:2008:017",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://article.gmane.org/gmane.comp.security.oss.general/122"
},
{
"name": "30226",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30226"
},
{
"name": "28512",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28512"
},
{
"name": "30229",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30229"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=469296"
},
{
"name": "31687",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31687"
},
{
"name": "30225",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30225"
},
{
"name": "30227",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30227"
},
{
"name": "GLSA-200805-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200805-03.xml"
},
{
"name": "30224",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30224"
},
{
"name": "MDVSA-2008:161",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:161"
},
{
"name": "MDVSA-2008:221",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:221"
},
{
"name": "29576",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29576"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1142",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "rxvt 2.6.4 opens a terminal window on :0 if the DISPLAY environment variable is not set, which might allow local users to hijack X11 connections. NOTE: it was later reported that rxvt-unicode, mrxvt, aterm, multi-aterm, and wterm are also affected. NOTE: realistic attack scenarios require that the victim enters a command on the wrong machine."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SR:2008:017",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html"
},
{
"name": "http://article.gmane.org/gmane.comp.security.oss.general/122",
"refsource": "MISC",
"url": "http://article.gmane.org/gmane.comp.security.oss.general/122"
},
{
"name": "30226",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30226"
},
{
"name": "28512",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28512"
},
{
"name": "30229",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30229"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=469296",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=469296"
},
{
"name": "31687",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31687"
},
{
"name": "30225",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30225"
},
{
"name": "30227",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30227"
},
{
"name": "GLSA-200805-03",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200805-03.xml"
},
{
"name": "30224",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30224"
},
{
"name": "MDVSA-2008:161",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:161"
},
{
"name": "MDVSA-2008:221",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:221"
},
{
"name": "29576",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29576"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1142",
"datePublished": "2008-04-07T17:00:00",
"dateReserved": "2008-03-04T00:00:00",
"dateUpdated": "2024-08-07T08:08:57.701Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2000-0476
Vulnerability from cvelistv5
Published
2000-07-12 04:00
Modified
2024-08-08 05:21
Severity ?
EPSS score ?
Summary
xterm, Eterm, and rxvt allow an attacker to cause a denial of service by embedding certain escape characters which force the window to be resized.
References
| ▼ | URL | Tags |
|---|---|---|
| http://archives.neohapsis.com/archives/bugtraq/2000-05/0420.html | mailing-list | |
| http://archives.neohapsis.com/archives/bugtraq/2000-05/0409.html | mailing-list | |
| http://www.securityfocus.com/bid/1298 | vdb-entry | |
| http://www.openwall.com/lists/oss-security/2024/06/09/1 | mailing-list | |
| http://www.openwall.com/lists/oss-security/2024/06/09/2 | mailing-list |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T05:21:31.299Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20000601 Re: [rootshell.com] Xterm DoS Attack",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-05/0420.html"
},
{
"name": "20000601 [rootshell.com] Xterm DoS Attack",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-05/0409.html"
},
{
"name": "1298",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/1298"
},
{
"name": "[oss-security] 20240609 vte 0.76.3 released with fix for CVE-2024-37535",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/06/09/1"
},
{
"name": "[oss-security] 20240609 Re: vte 0.76.3 released with fix for CVE-2024-37535",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/06/09/2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2000-06-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "xterm, Eterm, and rxvt allow an attacker to cause a denial of service by embedding certain escape characters which force the window to be resized."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-10T16:13:15.549161",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20000601 Re: [rootshell.com] Xterm DoS Attack",
"tags": [
"mailing-list"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-05/0420.html"
},
{
"name": "20000601 [rootshell.com] Xterm DoS Attack",
"tags": [
"mailing-list"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-05/0409.html"
},
{
"name": "1298",
"tags": [
"vdb-entry"
],
"url": "http://www.securityfocus.com/bid/1298"
},
{
"name": "[oss-security] 20240609 vte 0.76.3 released with fix for CVE-2024-37535",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2024/06/09/1"
},
{
"name": "[oss-security] 20240609 Re: vte 0.76.3 released with fix for CVE-2024-37535",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2024/06/09/2"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2000-0476",
"datePublished": "2000-07-12T04:00:00",
"dateReserved": "2000-07-11T00:00:00",
"dateUpdated": "2024-08-08T05:21:31.299Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2003-0066
Vulnerability from cvelistv5
Published
2004-09-01 04:00
Modified
2024-08-08 01:43
Severity ?
EPSS score ?
Summary
The rxvt terminal emulator 2.7.8 and earlier allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/advisories/5137 | vendor-advisory, x_refsource_GENTOO | |
| http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:003 | vendor-advisory, x_refsource_MANDRAKE | |
| http://marc.info/?l=bugtraq&m=104612710031920&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.redhat.com/support/errata/RHSA-2003-054.html | vendor-advisory, x_refsource_REDHAT | |
| http://www.redhat.com/support/errata/RHSA-2003-055.html | vendor-advisory, x_refsource_REDHAT | |
| http://www.securityfocus.com/bid/6953 | vdb-entry, x_refsource_BID | |
| http://www.iss.net/security_center/static/11414.php | vdb-entry, x_refsource_XF | |
| http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html | mailing-list, x_refsource_VULNWATCH |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:43:35.381Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "200303-16",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.securityfocus.com/advisories/5137"
},
{
"name": "MDKSA-2003:003",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:003"
},
{
"name": "20030224 Terminal Emulator Security Issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=104612710031920\u0026w=2"
},
{
"name": "RHSA-2003:054",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-054.html"
},
{
"name": "RHSA-2003:055",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-055.html"
},
{
"name": "6953",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/6953"
},
{
"name": "terminal-emulator-window-title(11414)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/11414.php"
},
{
"name": "20030224 Terminal Emulator Security Issues",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-02-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The rxvt terminal emulator 2.7.8 and earlier allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user\u0027s terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-01-02T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "200303-16",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.securityfocus.com/advisories/5137"
},
{
"name": "MDKSA-2003:003",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:003"
},
{
"name": "20030224 Terminal Emulator Security Issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=104612710031920\u0026w=2"
},
{
"name": "RHSA-2003:054",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-054.html"
},
{
"name": "RHSA-2003:055",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-055.html"
},
{
"name": "6953",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/6953"
},
{
"name": "terminal-emulator-window-title(11414)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/11414.php"
},
{
"name": "20030224 Terminal Emulator Security Issues",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0066",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The rxvt terminal emulator 2.7.8 and earlier allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user\u0027s terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "200303-16",
"refsource": "GENTOO",
"url": "http://www.securityfocus.com/advisories/5137"
},
{
"name": "MDKSA-2003:003",
"refsource": "MANDRAKE",
"url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:003"
},
{
"name": "20030224 Terminal Emulator Security Issues",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=104612710031920\u0026w=2"
},
{
"name": "RHSA-2003:054",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-054.html"
},
{
"name": "RHSA-2003:055",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-055.html"
},
{
"name": "6953",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6953"
},
{
"name": "terminal-emulator-window-title(11414)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/11414.php"
},
{
"name": "20030224 Terminal Emulator Security Issues",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0066",
"datePublished": "2004-09-01T04:00:00",
"dateReserved": "2003-02-04T00:00:00",
"dateUpdated": "2024-08-08T01:43:35.381Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}