FKIE_CVE-2003-0066

Vulnerability from fkie_nvd - Published: 2003-03-03 05:00 - Updated: 2025-04-03 01:03
Severity ?
Summary
The rxvt terminal emulator 2.7.8 and earlier allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands.
References
cve@mitre.orghttp://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.htmlVendor Advisory
cve@mitre.orghttp://marc.info/?l=bugtraq&m=104612710031920&w=2
cve@mitre.orghttp://www.iss.net/security_center/static/11414.phpVendor Advisory
cve@mitre.orghttp://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:003
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2003-054.html
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2003-055.html
cve@mitre.orghttp://www.securityfocus.com/advisories/5137
cve@mitre.orghttp://www.securityfocus.com/bid/6953
af854a3a-2127-422b-91ae-364da2661108http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.htmlVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=104612710031920&w=2
af854a3a-2127-422b-91ae-364da2661108http://www.iss.net/security_center/static/11414.phpVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:003
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2003-054.html
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2003-055.html
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/advisories/5137
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/6953
Impacted products
Vendor Product Version
rxvt rxvt 2.6.1
rxvt rxvt 2.6.2
rxvt rxvt 2.6.3
rxvt rxvt 2.6.4
rxvt rxvt 2.7.5
rxvt rxvt 2.7.6
rxvt rxvt 2.7.7
rxvt rxvt 2.7.8
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:rxvt:rxvt:2.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5CE4F28-5C30-4A54-8A4B-3FA6B01F1467",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rxvt:rxvt:2.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BA71D83-EA61-4B68-9D71-40E660C8E9E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rxvt:rxvt:2.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB750075-F614-40BA-B26D-CA3826A1B865",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rxvt:rxvt:2.6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "31FE05CF-F5F3-4F11-853A-36D4A4CA8FD1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rxvt:rxvt:2.7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "16BC9337-A01B-402D-A9A0-AAE0B49355BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rxvt:rxvt:2.7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED803842-E280-4998-BD7C-CF8048304FE6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rxvt:rxvt:2.7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "779E9DE5-58AC-4441-8925-3ADC1E042A8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rxvt:rxvt:2.7.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "287104DA-18C9-400C-B23C-CD569E5F11C5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The rxvt terminal emulator 2.7.8 and earlier allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user\u0027s terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands."
    },
    {
      "lang": "es",
      "value": "El emulador de terminal rxvt 2.7.8 permite a atacantes modificar el t\u00edtulo de la ventana mediante cierta secuencia de car\u00e1cter de escape, y a continuaci\u00f3n volver a insertarlo en la l\u00ednea de comandos del terminal del usuario, lo que podr\u00eda permitir al atacante ejecutar comandos arbitrarios."
    }
  ],
  "id": "CVE-2003-0066",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2003-03-03T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=104612710031920\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.iss.net/security_center/static/11414.php"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:003"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2003-054.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2003-055.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/advisories/5137"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/6953"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=104612710031920\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.iss.net/security_center/static/11414.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:003"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2003-054.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2003-055.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/advisories/5137"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/6953"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.