Vulnerability Name: CVE-2010-2713 (CCN-60441)

Assigned: 2010-07-12
Published: 2010-07-12
Updated: 2010-09-09
Summary: The vte_sequence_handler_window_manipulation function in vteseq.c in libvte (aka libvte9) in VTE 0.25.1 and earlier, as used in gnome-terminal, does not properly handle escape sequences, which allows remote attackers to execute arbitrary commands or obtain potentially sensitive information via a (1) window title or (2) icon title sequence.
Note: this issue exists because of a CVE-2003-0070 regression.
Per: http://cwe.mitre.org/data/definitions/77.html

'CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')'
CVSS v3 Severity: 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): Low
Integrity (I): Low
Availability (A): Low
CVSS v2 Severity: 6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.0 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
5.5 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
Vulnerability Type: CWE-Other
Vulnerability Consequences: Gain Access
References:

Source: MITRE
Type: CNA
CVE-2010-2713

Source: CCN
Type: Gnome FTP site
Fix terminal title reporting

Source: CONFIRM
Type: Exploit, Patch
http://git.gnome.org/browse/vte/commit/?id=8b971a7b2c59902914ecbbc3915c45dd21530a91

Source: SUSE
Type: UNKNOWN
SUSE-SR:2010:014

Source: CCN
Type: SA40635
Gnome VTE Icon and Window Title Escape Sequence Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
40635

Source: BID
Type: UNKNOWN
41716

Source: CCN
Type: BID-41716
VTE Window and Icon Title Remote Code Execution Vulnerability

Source: UBUNTU
Type: UNKNOWN
USN-962-1

Source: VUPEN
Type: Vendor Advisory
ADV-2010-1839

Source: CONFIRM
Type: UNKNOWN
https://bugzilla.redhat.com/show_bug.cgi?id=613110

Source: XF
Type: UNKNOWN
gnome-vte-title-command-execution(60441)

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:nalin_dahyabhai:vte:0.11.21:*:*:*:*:*:*:*
  • OR cpe:/a:nalin_dahyabhai:vte:0.12.2:*:*:*:*:*:*:*
  • OR cpe:/a:nalin_dahyabhai:vte:0.14.2:*:*:*:*:*:*:*
  • OR cpe:/a:nalin_dahyabhai:vte:0.15.0:*:*:*:*:*:*:*
  • OR cpe:/a:nalin_dahyabhai:vte:0.16.14:*:*:*:*:*:*:*
  • OR cpe:/a:nalin_dahyabhai:vte:0.17.4:*:*:*:*:*:*:*
  • OR cpe:/a:nalin_dahyabhai:vte:0.20.5:*:*:*:*:*:*:*
  • OR cpe:/a:nalin_dahyabhai:vte:0.22.5:*:*:*:*:*:*:*
  • OR cpe:/a:nalin_dahyabhai:vte:0.24.3:*:*:*:*:*:*:*
  • OR cpe:/a:nalin_dahyabhai:vte:*:*:*:*:*:*:*:* (Version <= 0.25.1)
  • AND
  • cpe:/a:gnome:gnome-terminal:*:*:*:*:*:*:*:*

* Denotes that component is vulnerable
Oval Definitions:

Definition ID | Class | Title | Last Modified
oval:org.opensuse.security:def:20102713 | V | CVE-2010-2713 | 2022-05-20
oval:org.opensuse.security:def:33116 | P | Security update for libvirt (Important) | 2022-01-10
oval:org.opensuse.security:def:42245 | P | Security update for gmp (Moderate) | 2021-12-06
oval:org.opensuse.security:def:31317 | P | Security update for the Linux Kernel (Important) | 2021-12-06
oval:org.opensuse.security:def:32234 | P | Security update for mozilla-nss (Important) | 2021-12-06
oval:org.opensuse.security:def:26179 | P | Security update for gmp (Moderate) | 2021-12-02
oval:org.opensuse.security:def:31305 | P | Security update for the Linux Kernel (Live Patch 39 for SLE 12 SP3) (Important) | 2021-11-19
oval:org.opensuse.security:def:31306 | P | Security update for the Linux Kernel (Live Patch 40 for SLE 12 SP3) (Important) | 2021-11-19
oval:org.opensuse.security:def:26164 | P | Security update for MozillaFirefox (Important) | 2021-11-17
oval:org.opensuse.security:def:26153 | P | Security update for git (Low) | 2021-10-20
oval:org.opensuse.security:def:33726 | P | Security update for apache2 (Important) | 2021-10-06
oval:org.opensuse.security:def:26140 | P | Security update for glibc (Moderate) | 2021-10-06
oval:org.opensuse.security:def:33016 | P | Security update for python-urllib3 (Moderate) | 2021-09-29
oval:org.opensuse.security:def:32185 | P | Security update for ghostscript (Critical) | 2021-09-21
oval:org.opensuse.security:def:26129 | P | Security update for gtk-vnc (Moderate) | 2021-09-16
oval:org.opensuse.security:def:26128 | P | Security update for postgresql13 (Moderate) | 2021-09-16
oval:org.opensuse.security:def:26120 | P | Security update for xerces-c (Important) | 2021-09-03
oval:org.opensuse.security:def:31672 | P | Security update for unrar (Moderate) | 2021-08-25
oval:org.opensuse.security:def:32981 | P | Security update for fetchmail (Moderate) | 2021-08-18
oval:org.opensuse.security:def:26106 | P | Security update for libmspack (Moderate) | 2021-08-17
oval:org.opensuse.security:def:32977 | P | Security update for libcares2 (Important) | 2021-08-16
oval:org.opensuse.security:def:32152 | P | Security update for the Linux Kernel (Live Patch 38 for SLE 12 SP3) (Important) | 2021-07-27
oval:org.opensuse.security:def:33682 | P | Security update for arpwatch (Important) | 2021-06-28
oval:org.opensuse.security:def:32129 | P | Security update for the Linux Kernel (Live Patch 34 for SLE 12 SP3) (Important) | 2021-06-18
oval:org.opensuse.security:def:32125 | P | Security update for the Linux Kernel (Live Patch 38 for SLE 12 SP3) (Important) | 2021-06-18
oval:org.opensuse.security:def:26072 | P | Security update for caribou (Important) | 2021-06-10
oval:org.opensuse.security:def:36319 | P | vte-0.22.5-0.2.1 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:42726 | P | vte-0.22.5-0.2.1 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:26067 | P | Security update for MozillaFirefox (Important) | 2021-06-08
oval:org.opensuse.security:def:36579 | P | vte-devel-0.22.5-0.2.1 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:33658 | P | Security update for dhcp (Important) | 2021-06-01
oval:org.opensuse.security:def:32095 | P | Security update for libxml2 (Important) | 2021-05-19
oval:org.opensuse.security:def:31615 | P | Security update for cups (Important) | 2021-04-30
oval:org.opensuse.security:def:32081 | P | Security update for the Linux Kernel (Live Patch 32 for SLE 12 SP3) (Important) | 2021-04-28
oval:org.opensuse.security:def:31605 | P | Security update for xorg-x11-server (Important) | 2021-04-14
oval:org.opensuse.security:def:26028 | P | Security update for xorg-x11-server (Important) | 2021-04-13
oval:org.opensuse.security:def:34404 | P | Security update for glibc (Important) | 2021-04-13
oval:org.opensuse.security:def:32891 | P | Security update for openexr (Moderate) | 2021-04-07
oval:org.opensuse.security:def:32059 | P | Security update for the Linux Kernel (Live Patch 31 for SLE 12 SP3) (Important) | 2021-04-07
oval:org.opensuse.security:def:28961 | P | Security update for wavpack (Important) | 2021-03-24
oval:org.opensuse.security:def:26204 | P | Security update for freeradius-server (Low) | 2021-03-04
oval:org.opensuse.security:def:31737 | P | Security update for python-cryptography (Important) | 2021-03-02
oval:org.opensuse.security:def:29473 | P | Security update for krb5-appl (Important) | 2021-02-19
oval:org.opensuse.security:def:32239 | P | Security update for the Linux Kernel (Live Patch 35 for SLE 12 SP3) (Important) | 2021-02-10
oval:org.opensuse.security:def:32902 | P | Security update for openldap2 (Moderate) | 2021-01-14
oval:org.opensuse.security:def:26210 | P | Security update for MozillaFirefox (Important) | 2021-01-12
oval:org.opensuse.security:def:32273 | P | Security update for MozillaFirefox (Important) | 2021-01-12
oval:org.opensuse.security:def:32020 | P | Security update for cyrus-sasl (Important) | 2020-12-28
oval:org.opensuse.security:def:33619 | P | Security update for mutt (Important) | 2020-12-07
oval:org.opensuse.security:def:32003 | P | Security update for python-cryptography (Moderate) | 2020-12-04
oval:org.opensuse.security:def:36053 | P | vte-0.22.5-0.2.1 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:42460 | P | vte-0.22.5-0.2.1 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:35838 | P | vte-0.22.5-0.2.1 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:25614 | P | Security update for perl-DBI (Important) | 2020-12-01
oval:org.opensuse.security:def:31829 | P | Security update for bind (Important) | 2020-12-01
oval:org.opensuse.security:def:26758 | P | libopenssl0_9_8 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:31915 | P | Security update for gd (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26334 | P | Security update for Chromium (Important) | 2020-12-01
oval:org.opensuse.security:def:25806 | P | Security update for the Linux Kernel (Important) | 2020-12-01
oval:org.opensuse.security:def:26846 | P | xterm on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:34364 | P | Security update for tcpdump (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25814 | P | Security update for flash-player (Important) | 2020-12-01
oval:org.opensuse.security:def:27016 | P | postgresql on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:32451 | P | Security update for xen (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26904 | P | glib2 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:31786 | P | Security update for MozillaFirefox (Important) | 2020-12-01
oval:org.opensuse.security:def:26413 | P | Security update for go1.8 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26018 | P | Security update for freerdp (Important) | 2020-12-01
oval:org.opensuse.security:def:25389 | P | Security update for perl-DBI (Important) | 2020-12-01
oval:org.opensuse.security:def:31523 | P | Security update for rsync (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26445 | P | Security update for chromium (Important) | 2020-12-01
oval:org.opensuse.security:def:32539 | P | krb5 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:27577 | P | vte-devel on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25868 | P | Security update for pcre (Moderate) | 2020-12-01
oval:org.opensuse.security:def:31871 | P | Security update for curl (Important) | 2020-12-01
oval:org.opensuse.security:def:29320 | P | Security update for IBM Java 1.4.2 | 2020-12-01
oval:org.opensuse.security:def:32763 | P | pam_ldap on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25464 | P | Security update for java-11-openjdk (Important) | 2020-12-01
oval:org.opensuse.security:def:31886 | P | Security update for ed (Low) | 2020-12-01
oval:org.opensuse.security:def:26547 | P | freeradius-server on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:32605 | P | sudo on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25880 | P | Security update for libvirt (Moderate) | 2020-12-01
oval:org.opensuse.security:def:29527 | P | Security update for MozillaFirefox (Moderate) | 2020-12-01
oval:org.opensuse.security:def:28881 | P | Security update for bind (Important) | 2020-12-01
oval:org.opensuse.security:def:25673 | P | Security update for openldap2 (Important) | 2020-12-01
oval:org.opensuse.security:def:26600 | P | librpcsecgss on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:33282 | P | vte on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:31519 | P | Security update for sendmail | 2020-12-01
oval:org.opensuse.security:def:33356 | P | Security update for openssl1 (Important) | 2020-12-01
oval:org.opensuse.security:def:29615 | P | Security update for bind (Important) | 2020-12-01
oval:org.opensuse.security:def:26837 | P | vte on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:27282 | P | qt3 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:31531 | P | Security update for samba (Important) | 2020-12-01
oval:org.opensuse.security:def:26470 | P | Security update for git-annex (Moderate) | 2020-12-01
oval:org.opensuse.security:def:33570 | P | Security update for LibVNCServer (Moderate) | 2020-12-01
oval:org.opensuse.security:def:29677 | P | Security update for dnsmasq (Important) | 2020-12-01
oval:org.opensuse.security:def:29178 | P | Security update for microcode_ctl (Important) | 2020-12-01
oval:org.opensuse.security:def:26232 | P | Security update for openconnect (Moderate) | 2020-12-01
oval:org.opensuse.security:def:32295 | P | Security update for ppp (Important) | 2020-12-01
oval:org.opensuse.security:def:25603 | P | Security update for java-1_8_0-openjdk (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26705 | P | gd on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:30352 | P | Security update for vte, vte-debuginfo, vte-debugsource, vte-devel, vte-doc, vte-lang | 2020-12-01
oval:org.opensuse.security:def:31759 | P | Security update for LibVNCServer (Important) | 2020-12-01
oval:org.opensuse.security:def:26320 | P | Security update to go1.4 (Low) | 2020-12-01
oval:org.opensuse.security:def:25678 | P | Security update for kernel-firmware (Important) | 2020-12-01
oval:org.opensuse.security:def:26807 | P | perl-spamassassin on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:33211 | P | nagios-nrpe on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:31971 | P | Security update for jakarta-commons-collections (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26378 | P | Security update for chromium (Important) | 2020-12-01
oval:org.opensuse.security:def:25887 | P | Security update for ImageMagick (Important) | 2020-12-01
oval:org.opensuse.security:def:32395 | P | Security update for unrar (Important) | 2020-12-01
oval:org.opensuse.security:def:26860 | P | amavisd-new on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:31785 | P | Security update for MozillaFirefox (Important) | 2020-12-01
oval:org.opensuse.security:def:26332 | P | Security update for karchive (Important) | 2020-12-01
oval:org.opensuse.security:def:25965 | P | Security update for xorg-x11-server (Important) | 2020-12-01
oval:org.opensuse.security:def:27051 | P | vte on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25388 | P | Security update for libsolv (Moderate) | 2020-12-01
oval:org.opensuse.security:def:31391 | P | Security update for pam (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26294 | P | Security update for bluez (Important) | 2020-12-01
oval:org.opensuse.security:def:32500 | P | cyrus-imapd on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:27542 | P | python-32bit on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:31797 | P | Recommended update for NetworkManager-kde4 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:29235 | P | Security update for samba (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25400 | P | Security update for bcm43xx-firmware (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26498 | P | Security update for nextcloud (Moderate) | 2020-12-01
oval:org.opensuse.security:def:32561 | P | libpng12-0 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25869 | P | Security update for mariadb (Moderate) | 2020-12-01
oval:org.opensuse.security:def:32802 | P | vte on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:28880 | P | Security update for augeas (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25592 | P | Security update for grub2 (Important) | 2020-12-01
oval:org.opensuse.security:def:31973 | P | Security update for jakarta-taglibs-standard (Important) | 2020-12-01
oval:org.opensuse.security:def:26586 | P | libexiv2-4 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:33243 | P | python-lxml on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25944 | P | Security update for libplist (Moderate) | 2020-12-01
oval:org.opensuse.security:def:33268 | P | systemtap on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:29576 | P | Security update for apache2 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26802 | P | pcsc-lite on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:28892 | P | Security update for ecryptfs-utils (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25730 | P | Security update for glibc (Important) | 2020-12-01
oval:org.opensuse.security:def:26644 | P | tar on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:31520 | P | Security update for rpcbind (Moderate) | 2020-12-01
oval:org.opensuse.security:def:33513 | P | Security update for perl-HTML-Parser | 2020-12-01
oval:org.opensuse.security:def:29633 | P | Security update for clamav (Moderate) | 2020-12-01
oval:org.opensuse.security:def:32890 | P | kde4-kgreeter-plugins on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:29092 | P | Security update for ghostscript-library (Important) | 2020-12-01
oval:org.opensuse.security:def:27317 | P | vte on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25602 | P | Security update for java-1_7_1-ibm (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26554 | P | ghostscript-fonts-other on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:30315 | P | Security update for tftp | 2020-12-01
oval:org.opensuse.security:def:26281 | P | Security update for hexchat (Moderate) | 2020-12-01
oval:org.opensuse.security:def:32339 | P | Security update for shim (Moderate) | 2020-12-01
oval:org.mitre.oval:def:13372 | P | USN-962-1 -- vte vulnerability | 2014-06-30
    nalin_dahyabhai vte 0.11.21
    nalin_dahyabhai vte 0.12.2
    nalin_dahyabhai vte 0.14.2
    nalin_dahyabhai vte 0.15.0
    nalin_dahyabhai vte 0.16.14
    nalin_dahyabhai vte 0.17.4
    nalin_dahyabhai vte 0.20.5
    nalin_dahyabhai vte 0.22.5
    nalin_dahyabhai vte 0.24.3
    nalin_dahyabhai vte *
    gnome gnome-terminal *