Release Date | Mar 03, 2010 |
Severity | medium |
Impact | It allows user-assisted attackers to execute arbitrary commands via LF (aka \n) characters surrounding a command name within a Device Control Request Status String (DECRQSS) escape sequence in a text file. |
Description | The xterm program is a terminal emulator for the X Window System. A flaw was found in the xterm handling of Device Control Request Status String (DECRQSS) escape sequences. An attacker could create a malicious text file (or log entry, if unfiltered) that could run arbitrary commands if read by a victim inside an xterm window. (CVE-2008-2383) |
Affected Products | xterm before 179-11.EL3 for RHEL3 and Red Hat Desktop (v. 3); xterm before 192-8.el4_7.2 for RHEL4 and Red Hat Desktop (v. 4); xterm before 215-5.el5_2.2 for RHEL5 |
Recommended Actions | Refer to Red Hat security advisory RHSA-2009-0018 for further information and upgrade patch. |
Coverage | IPS, VCM |
Common Vulnerabilities and Exposures (CVE) | CVE-2008-2383 |