Vulnerability Name:

CVE-2003-0079 (CCN-11415)

Assigned:2003-02-24
Published:2003-02-24
Updated:2016-10-18
Summary:The DEC UDK processing feature in the hanterm (hanterm-xf) terminal emulator before 2.0.5 allows attackers to cause a denial of service via a certain character escape sequence that causes the terminal to enter a tight loop.
CVSS v3 Severity:4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Low
CVSS v2 Severity:2.1 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
2.1 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:Denial of Service
References:Source: CCN
Type: VulnWatch Mailing List, Mon Feb 24 2003 - 15:02:52 CST
Terminal Emulator Security Issues

Source: VULNWATCH
Type: Vendor Advisory
20030224 Terminal Emulator Security Issues

Source: MITRE
Type: CNA
CVE-2003-0071

Source: MITRE
Type: CNA
CVE-2003-0079

Source: BUGTRAQ
Type: UNKNOWN
20030224 Terminal Emulator Security Issues

Source: CCN
Type: RHSA-2003-064
Updated XFree86 4.1.0 packages are available

Source: CCN
Type: RHSA-2003-065
XFree86 security update

Source: CCN
Type: RHSA-2003-066
Updated XFree86 packages provide security and bug fixes

Source: CCN
Type: RHSA-2003-067
Updated XFree86 packages provide security and bug fixes

Source: CCN
Type: RHSA-2003-070
Updated hanterm packages provide security fixes

Source: CCN
Type: RHSA-2003-071
hanterm-xf security update

Source: CCN
Type: Sun Alert ID: 55602
Sun Linux 5.0 Security Vulnerabilities in XFree86 Packages

Source: CCN
Type: CIAC Information Bulletin N-110
Red Hat Updated XFree86 Packages Provide Security and Bug Fixes

Source: DEBIAN
Type: DSA-380
xfree86 -- buffer overflows

Source: XF
Type: Vendor Advisory
terminal-emulator-dec-udk(11415)

Source: OSVDB
Type: UNKNOWN
4918

Source: CCN
Type: OSVDB ID: 4918
Hangul Terminal hanterm-xf DoS

Source: REDHAT
Type: UNKNOWN
RHSA-2003:070

Source: REDHAT
Type: UNKNOWN
RHSA-2003:071

Source: BID
Type: UNKNOWN
6944

Source: CCN
Type: BID-6944
Hanterm-XF Loop-Based Escape Sequence Denial of Service Vulnerability

Source: CCN
Type: BID-6950
Xterm Loop-Based Escape Sequence Denial Of Service Vulnerability

Source: CCN
Type: BID-9930
Apache Error and Access Logs Escape Sequence Injection Vulnerability

Source: XF
Type: UNKNOWN
terminal-emulator-dec-udk(11415)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:hanterm:hanterm-xf:2.0:*:*:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/a:xfree86:xfree86:4.2.0:*:*:*:*:*:*:*
  • AND
  • cpe:/o:hp:hp-ux:11.00:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:11.11:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.2:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.3:*:*:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:8.0:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:11.22:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:ws:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:aw:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:11.23:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux_advanced_workstation:2.1::itanium:*:*:*:*:*

  • * Denotes that component is vulnerable
    BACK
    hanterm hanterm-xf 2.0
    xfree86 xfree86 4.2.0
    hp hp-ux 11.00
    hp hp-ux 11.11
    redhat linux 7.1
    redhat linux 7.2
    redhat linux 7.3
    debian debian linux 3.0
    redhat linux 8.0
    hp hp-ux 11.22
    redhat enterprise linux 2.1
    redhat enterprise linux 2.1
    redhat enterprise linux 2.1
    redhat enterprise linux 2.1
    hp hp-ux 11.23
    redhat linux advanced workstation 2.1