CVE-2008-2383 – xterm: arbitrary command injection
https://notcve.org/view.php?id=CVE-2008-2383
CRLF injection vulnerability in xterm allows user-assisted attackers to execute arbitrary commands via LF (aka \n) characters surrounding a command name within a Device Control Request Status String (DECRQSS) escape sequence in a text file, a related issue to CVE-2003-0063 and CVE-2003-0071.

• http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510030
• http://lists.apple.com/archives/security-announce/2009/May/msg00002.html
• http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00004.html
• http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.html
• http://secunia.com/advisories/33318
• http://secunia.com/advisories/33388
• http://secunia.com/advisories/33397
• http://secunia.com/advisories/33418
• http://secunia.com/advisories/33419
• http://secunia.com/advisories

• CWE-94: Improper Control of Generation of Code ('Code Injection')