CVE - CVE-2008-2383

CVE-ID
CVE-2008-2383	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
CRLF injection vulnerability in xterm allows user-assisted attackers to execute arbitrary commands via LF (aka \n) characters surrounding a command name within a Device Control Request Status String (DECRQSS) escape sequence in a text file, a related issue to CVE-2003-0063 and CVE-2003-0071.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
APPLE:APPLE-SA-2009-05-12 URL:http://lists.apple.com/archives/security-announce/2009/May/msg00002.html BID:33060 URL:http://www.securityfocus.com/bid/33060 CERT:TA09-133A URL:http://www.us-cert.gov/cas/techalerts/TA09-133A.html CONFIRM:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510030 CONFIRM:http://support.apple.com/kb/HT3549 DEBIAN:DSA-1694 URL:http://www.debian.org/security/2009/dsa-1694 FEDORA:FEDORA-2009-0059 URL:https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00072.html FEDORA:FEDORA-2009-0154 URL:https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00184.html FEDORA:FEDORA-2023-3746647cc3 URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R3E2Q6NPKT7V4VKZMSFF4ARLRVYOG4AU/ FEDORA:FEDORA-2023-a004ecb3f8 URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VOOVZTIABA4MIFUGTAVYWO6QXSUXSST4/ OVAL:oval:org.mitre.oval:def:9317 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9317 REDHAT:RHSA-2009:0018 URL:http://www.redhat.com/support/errata/RHSA-2009-0018.html REDHAT:RHSA-2009:0019 URL:http://www.redhat.com/support/errata/RHSA-2009-0019.html SECTRACK:1021522 URL:http://www.securitytracker.com/id?1021522 SECUNIA:33318 URL:http://secunia.com/advisories/33318 SECUNIA:33388 URL:http://secunia.com/advisories/33388 SECUNIA:33397 URL:http://secunia.com/advisories/33397 SECUNIA:33418 URL:http://secunia.com/advisories/33418 SECUNIA:33419 URL:http://secunia.com/advisories/33419 SECUNIA:33568 URL:http://secunia.com/advisories/33568 SECUNIA:33820 URL:http://secunia.com/advisories/33820 SECUNIA:35074 URL:http://secunia.com/advisories/35074 SUNALERT:254208 URL:~~http://sunsolve.sun.com/search/document.do?assetkey=1-66-254208-1~~ (Obsolete source) SUSE:SUSE-SR:2009:002 URL:http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00004.html SUSE:SUSE-SR:2009:003 URL:http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.html UBUNTU:USN-703-1 URL:https://usn.ubuntu.com/703-1/ VUPEN:ADV-2009-1297 URL:~~http://www.vupen.com/english/advisories/2009/1297~~ (Obsolete source) XF:xterm-decrqss-code-execution(47655) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/47655
Assigning CNA
MITRE Corporation
Date Record Created
20080521	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20080521)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)