ID CVE-2006-7236
Summary The default configuration of xterm on Debian GNU/Linux sid and possibly Ubuntu enables the allowWindowOps resource, which allows user-assisted attackers to execute arbitrary code or have unspecified other impact via escape sequences.
References
Vulnerable Configurations
  • cpe:2.3:a:invisible-island:xterm:_nil_:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
  • cpe:2.3:o:ubuntu:linux:*:*:*:*:*:*:*:*
CVSS
Base: 9.3 (as of 03-10-2018 - 21:45)
Impact:
Exploitability:
CWE CWE-16
CAPEC
Access
Vector: NETWORK
Complexity: MEDIUM
Authentication: NONE
Impact
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
cvss-vector via4 AV:N/AC:M/Au:N/C:C/I:C/A:C
refmap via4
confirm
secunia 33388
ubuntu USN-703-1
statements via4
contributor Tomas Hoger
lastmodified 2009-01-21
organization Red Hat
statement Not vulnerable. This issue did not affect the versions of the xterm package, as shipped with Red Hat Enterprise Linux 3, 4, and 5, and the version of the XFree86 (providing xterm) and hanterm-xf packages, as shipped with Red Hat Enterprise Linux 2.1.
Last major update 03-10-2018 - 21:45
Published 02-01-2009 - 18:11