Vulnerability Name:

CVE-2003-0066 (CCN-11414)

Assigned:2003-02-24
Published:2003-02-24
Updated:2016-10-18
Summary:The rxvt terminal emulator 2.7.8 and earlier allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands.
CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: CCN
Type: BugTraq Mailing List, Mon Feb 24 2003 - 20:09:39 CST
Re: Terminal Emulator Security Issues

Source: CCN
Type: Hewlett-Packard Company Security Bulletin HPSBUX0401-309 SSRT3507
HP Tru64 UNIX dtterm Potential Security Vulnerability

Source: CCN
Type: VulnWatch Mailing List, Mon Feb 24 2003 - 15:02:52 CST
Terminal Emulator Security Issues

Source: VULNWATCH
Type: Vendor Advisory
20030224 Terminal Emulator Security Issues

Source: CCN
Type: aterm Web site
Aterm - AfterStep X Windows Terminal Emulator

Source: MITRE
Type: CNA
CVE-2003-0063

Source: MITRE
Type: CNA
CVE-2003-0064

Source: MITRE
Type: CNA
CVE-2003-0065

Source: MITRE
Type: CNA
CVE-2003-0066

Source: MITRE
Type: CNA
CVE-2003-0067

Source: MITRE
Type: CNA
CVE-2003-0068

Source: MITRE
Type: CNA
CVE-2003-0069

Source: MITRE
Type: CNA
CVE-2003-0070

Source: MITRE
Type: CNA
CVE-2003-0077

Source: CCN
Type: Gnome FTP site
Fix terminal title reporting

Source: BUGTRAQ
Type: UNKNOWN
20030224 Terminal Emulator Security Issues

Source: CCN
Type: RHSA-2003-053
Updated vte packages fix gnome-terminal vulnerability

Source: CCN
Type: RHSA-2003-054
Updated rxvt packages fix various vulnerabilites

Source: CCN
Type: RHSA-2003-055
rxvt security update

Source: CCN
Type: RHSA-2003-064
Updated XFree86 4.1.0 packages are available

Source: CCN
Type: RHSA-2003-065
XFree86 security update

Source: CCN
Type: RHSA-2003-066
Updated XFree86 packages provide security and bug fixes

Source: CCN
Type: RHSA-2003-067
Updated XFree86 packages provide security and bug fixes

Source: CCN
Type: RHSA-2003-070
Updated hanterm packages provide security fixes

Source: CCN
Type: RHSA-2003-071
hanterm-xf security update

Source: CCN
Type: Sun Alert ID: 55602
Sun Linux 5.0 Security Vulnerabilities in XFree86 Packages

Source: CCN
Type: Apple Web site
About the security content of Security Update 2010-002 / Mac OS X v10.6.3

Source: CCN
Type: PuTTY Web site
PuTTY: a free Win32 telnet/ssh client

Source: CCN
Type: CIAC Information Bulletin N-110
Red Hat Updated XFree86 Packages Provide Security and Bug Fixes

Source: CCN
Type: CIAC Information Bulletin O-056
Hewlett-Packard dtterm Vulnerability

Source: DEBIAN
Type: DSA-380
xfree86 -- buffer overflows

Source: DEBIAN
Type: DSA-496
eterm -- missing input sanitising

Source: CCN
Type: Eterm Web site
Eterm.Org

Source: CCN
Type: GnomeFiles Web site
GNOME Terminal

Source: XF
Type: Vendor Advisory
terminal-emulator-window-title(11414)

Source: CCN
Type: US-CERT VU#230561
gnome-terminal allows arbitrary command execution when viewing files containing crafted escape sequences

Source: CCN
Type: Gentoo Linux Security Announcement 200303-1
eterm -- dangerous interception of escape sequences

Source: CCN
Type: Gentoo Linux Security Announcement 200303-2
vte -- dangerous interception of escape sequences

Source: CCN
Type: Gentoo Linux Security Announcement 200303-16
rxvt multiple vulnerabilities

Source: MANDRAKE
Type: UNKNOWN
MDKSA-2003:003

Source: CCN
Type: OSVDB ID: 4591
Eterm Window Title Escape Sequence Arbitrary Command Execution

Source: CCN
Type: OSVDB ID: 4917
Hangul Terminal hanterm-xf Window Title Escape Sequence Arbitrary Command Execution

Source: CCN
Type: OSVDB ID: 60454
dtterm Window Title Escape Sequence Arbitrary Command Execution

Source: CCN
Type: OSVDB ID: 60455
uxterm Window Title Escape Sequence Arbitrary Command Execution

Source: CCN
Type: OSVDB ID: 60457
aterm Window Title Escape Sequence Arbitrary Command Execution

Source: CCN
Type: OSVDB ID: 60458
gnome-terminal (vte) Window Title Escape Sequence Arbitrary Command Execution

Source: CCN
Type: OSVDB ID: 8347
PuTTY Window Title Escape Character Arbitrary Command Execution

Source: REDHAT
Type: UNKNOWN
RHSA-2003:054

Source: REDHAT
Type: UNKNOWN
RHSA-2003:055

Source: GENTOO
Type: UNKNOWN
200303-16

Source: CCN
Type: BID-10237
ETerm Window Title Reporting Escape Sequence Command Execution Vulnerability

Source: CCN
Type: BID-6940
XTerm Window Title Reporting Escape Sequence Command Execution Vulnerability

Source: CCN
Type: BID-6941
Eterm Window Title Reporting Escape Sequence Command Execution Vulnerability

Source: CCN
Type: BID-6942
DTTerm Window Title Reporting Escape Sequence Command Execution Vulnerability

Source: CCN
Type: BID-6945
UXTerm Window Title Reporting Escape Sequence Command Execution Vulnerability

Source: CCN
Type: BID-6946
Hanterm-XF Window Title Reporting Escape Sequence Command Execution Vulnerability

Source: CCN
Type: BID-6948
Gnome-Terminal Window Title Reporting Escape Sequence Command Execution Vulnerability

Source: BID
Type: UNKNOWN
6953

Source: CCN
Type: BID-6953
RXVT Window Title Reporting Escape Sequence Command Execution Vulnerability

Source: CCN
Type: BID-8548
HP Tru64 UNIX Unspecified DTTerm Denial Of Service Vulnerability

Source: CCN
Type: TLSA-2003-19
A number of vulnerabilities in the handling of escape sequences

Source: XF
Type: UNKNOWN
terminal-emulator-window-title(11414)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:rxvt:rxvt:2.6.1:*:*:*:*:*:*:*
  • OR cpe:/a:rxvt:rxvt:2.6.2:*:*:*:*:*:*:*
  • OR cpe:/a:rxvt:rxvt:2.6.3:*:*:*:*:*:*:*
  • OR cpe:/a:rxvt:rxvt:2.6.4:*:*:*:*:*:*:*
  • OR cpe:/a:rxvt:rxvt:2.7.5:*:*:*:*:*:*:*
  • OR cpe:/a:rxvt:rxvt:2.7.6:*:*:*:*:*:*:*
  • OR cpe:/a:rxvt:rxvt:2.7.7:*:*:*:*:*:*:*
  • OR cpe:/a:rxvt:rxvt:2.7.8:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:rxvt:rxvt:2.7.8:*:*:*:*:*:*:*
  • OR cpe:/a:xfree86:xfree86:4.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:putty:putty:0.53:*:*:*:*:*:*:*
  • AND
  • cpe:/o:hp:hp-ux:11:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:6.2:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:11.04:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:11.11:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.2:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:8.2:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.3:*:*:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:8.0:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:11.22:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:9.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:9.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:ws:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:aw:*:*:*:*:*
  • OR cpe:/o:redhat:linux_advanced_workstation:2.1::itanium:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:8.2::ppc:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:9.1::ppc:*:*:*:*:*
  • OR cpe:/o:mandriva:linux:2009.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandriva:linux:2009.1:*:*:*:x86_64:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.5.8:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.5.8:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.6:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.6:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.6.1:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.6.1:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.6.2:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.6.2:*:*:*:*:*:*:*
  • OR cpe:/o:mandriva:linux:2010:*:*:*:x86_64:*:*:*
  • OR cpe:/o:mandriva:linux:2010:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    rxvt rxvt 2.6.1
    rxvt rxvt 2.6.2
    rxvt rxvt 2.6.3
    rxvt rxvt 2.6.4
    rxvt rxvt 2.7.5
    rxvt rxvt 2.7.6
    rxvt rxvt 2.7.7
    rxvt rxvt 2.7.8
    rxvt rxvt 2.7.8
    xfree86 xfree86 4.2.0
    putty putty 0.53
    hp hp-ux 11
    redhat linux 6.2
    hp hp-ux 11.04
    redhat linux 7
    hp hp-ux 11.11
    redhat linux 7.1
    redhat linux 7.2
    mandrakesoft mandrake linux 8.2
    redhat linux 7.3
    debian debian linux 3.0
    gentoo linux *
    redhat linux 8.0
    hp hp-ux 11.22
    mandrakesoft mandrake linux 9.0
    mandrakesoft mandrake linux corporate server 2.1
    mandrakesoft mandrake linux 9.1
    redhat enterprise linux 2.1
    redhat enterprise linux 2.1
    redhat enterprise linux 2.1
    redhat enterprise linux 2.1
    redhat linux advanced workstation 2.1
    mandrakesoft mandrake linux 8.2
    mandrakesoft mandrake linux 9.1
    mandriva linux 2009.1
    mandriva linux 2009.1
    apple mac os x 10.5.8
    apple mac os x server 10.5.8
    apple mac os x server 10.6
    apple mac os x 10.6
    apple mac os x server 10.6.1
    apple mac os x 10.6.1
    apple mac os x server 10.6.2
    apple mac os x 10.6.2
    mandriva linux 2010
    mandriva linux 2010