CVE-2003-0063
Published 2003-03-03
Priority P429 · high · 7.3 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
EPSS: 3.40% (87.4th percentile)
The xterm terminal emulator in XFree86 4.2.0 and earlier allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands.
Affected
20 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | terminology | < terminology 0.7.0-2 (bookworm) | terminology 0.7.0-2 (bookworm) |
| debian | xterm | < xterm 238-2 (bookworm) | xterm 238-2 (bookworm) |
| enlightenment | terminology | — | — |
| enlightenment | terminology | >= 0 < 0.7.0-2 | 0.7.0-2 |
| enlightenment | terminology | >= 0 < 0.7.0-2 | 0.7.0-2 |
| enlightenment | terminology | >= 0 < 0.7.0-2 | 0.7.0-2 |
| enlightenment | terminology | >= 0 < 0.7.0-2 | 0.7.0-2 |
| github.com | migueldeicaza_swiftterm | >= 0 < 1.2.0 | 1.2.0 |
| invisible-island | xterm | — | — |
| invisible-island | xterm | >= 0 < 238-2 | 238-2 |
| invisible-island | xterm | >= 0 < 238-2 | 238-2 |
| invisible-island | xterm | >= 0 < 238-2 | 238-2 |
| invisible-island | xterm | >= 0 < 238-2 | 238-2 |
| xfree86_project | x11r6 | — | — |
| xfree86_project | x11r6 | — | — |
| xfree86_project | x11r6 | — | — |
| xfree86_project | x11r6 | — | — |
| xfree86_project | x11r6 | — | — |
| xfree86_project | x11r6 | — | — |
CVSS provenance
nvd · v3.1 · 7.3 HIGH · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
nvd · v2.0 · 7.5 HIGH · AV:N/AC:L/Au:N/C:P/I:P/A:P
ghsa · 7.3 HIGH
osv · 7.3 HIGH
vendor_debian · 7.3 MEDIUM
vendor_redhat · 7.3 HIGH
GHSA
SwiftTerm Code Injection vulnerability
ghsa·2023-07-14·CVSS 7.3
CVE-2022-23465 [HIGH] CWE-94 SwiftTerm Code Injection vulnerability
### Impact
Attacker could modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands.
### Credit
These bugs were found and disclosed by David Leadbeater (@dgl at GitHub.com).
### Patches
Fixed in version ce596e0dc8cdb288bc7ed5c6a59011ee3a8dc171
### Workarounds
There are no workarounds available.
### References
Similar exploits to this existed in the past, for terminal emulators:
https://nvd.nist.gov/vuln/detail/CVE-2003-0063
https://nvd.nist.gov/vuln/detail/CVE-2008-2383
Additional background and information is also available:
https://marc.info
OSV
SwiftTerm Code Injection vulnerability
osv·2023-07-14·CVSS 7.3
CVE-2022-23465 [HIGH] SwiftTerm Code Injection vulnerability
### Impact
Attacker could modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands.
### Credit
These bugs were found and disclosed by David Leadbeater (@dgl at GitHub.com).
### Patches
Fixed in version ce596e0dc8cdb288bc7ed5c6a59011ee3a8dc171
### Workarounds
There are no workarounds available.
### References
Similar exploits to this existed in the past, for terminal emulators:
https://nvd.nist.gov/vuln/detail/CVE-2003-0063
https://nvd.nist.gov/vuln/detail/CVE-2008-2383
Additional background and information is also available:
https://marc.info
GHSA
GHSA-c74f-gxvx-3568: Terminology 0
ghsa_unreviewed·2022-05-13·CVSS 7.3
CVE-2015-8971 [HIGH] CWE-77 GHSA-c74f-gxvx-3568: Terminology 0
Terminology 0.7.0 allows remote attackers to execute arbitrary commands via escape sequences that modify the window title and then are written to the terminal, a similar issue to CVE-2003-0063.
GHSA
GHSA-94vw-2f3v-j88m: CRLF injection vulnerability in xterm allows user-assisted attackers to execute arbitrary commands via LF (aka \n) characters surrounding a command na
ghsa_unreviewed·2022-05-01·CVSS 7.3
CVE-2008-2383 [HIGH] CWE-94 GHSA-94vw-2f3v-j88m: CRLF injection vulnerability in xterm allows user-assisted attackers to execute arbitrary commands via LF (aka \n) characters surrounding a command na
CRLF injection vulnerability in xterm allows user-assisted attackers to execute arbitrary commands via LF (aka \n) characters surrounding a command name within a Device Control Request Status String (DECRQSS) escape sequence in a text file, a related issue to CVE-2003-0063 and CVE-2003-0071.
GHSA
GHSA-4f3f-7mf9-qrhc: The xterm terminal emulator in XFree86 4
ghsa_unreviewed·2022-04-29
CVE-2003-0063 [HIGH] CWE-150 GHSA-4f3f-7mf9-qrhc: The xterm terminal emulator in XFree86 4
The xterm terminal emulator in XFree86 4.2.0 and earlier allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands.
OSV
CVE-2015-8971: Terminology 0
osv·2017-01-23·CVSS 7.3
CVE-2015-8971 [HIGH] CVE-2015-8971: Terminology 0
Terminology 0.7.0 allows remote attackers to execute arbitrary commands via escape sequences that modify the window title and then are written to the terminal, a similar issue to CVE-2003-0063.
OSV
CVE-2008-2383: CRLF injection vulnerability in xterm allows user-assisted attackers to execute arbitrary commands via LF (aka \n) characters surrounding a command na
osv·2009-01-02·CVSS 7.3
CVE-2008-2383 [HIGH] CVE-2008-2383: CRLF injection vulnerability in xterm allows user-assisted attackers to execute arbitrary commands via LF (aka \n) characters surrounding a command na
CRLF injection vulnerability in xterm allows user-assisted attackers to execute arbitrary commands via LF (aka \n) characters surrounding a command name within a Device Control Request Status String (DECRQSS) escape sequence in a text file, a related issue to CVE-2003-0063 and CVE-2003-0071.
Debian
CVE-2015-8971: terminology - Terminology 0.7.0 allows remote attackers to execute arbitrary commands via esca...
vendor_debian·2015·CVSS 7.3
CVE-2015-8971 [HIGH] CVE-2015-8971: terminology - Terminology 0.7.0 allows remote attackers to execute arbitrary commands via esca...
Terminology 0.7.0 allows remote attackers to execute arbitrary commands via escape sequences that modify the window title and then are written to the terminal, a similar issue to CVE-2003-0063.
Scope: local
bookworm: resolved (fixed in 0.7.0-2)
bullseye: resolved (fixed in 0.7.0-2)
forky: resolved (fixed in 0.7.0-2)
sid: resolved (fixed in 0.7.0-2)
trixie: resolved (fixed in 0.7.0-2)
Red Hat
xterm: arbitrary command injection
vendor_redhat·2008-12-29·CVSS 7.3
CVE-2008-2383 [HIGH] xterm: arbitrary command injection
CRLF injection vulnerability in xterm allows user-assisted attackers to execute arbitrary commands via LF (aka \n) characters surrounding a command name within a Device Control Request Status String (DECRQSS) escape sequence in a text file, a related issue to CVE-2003-0063 and CVE-2003-0071.
Debian
CVE-2008-2383: xterm - CRLF injection vulnerability in xterm allows user-assisted attackers to execute ...
vendor_debian·2008·CVSS 7.3
CVE-2008-2383 [HIGH] CVE-2008-2383: xterm - CRLF injection vulnerability in xterm allows user-assisted attackers to execute ...
CRLF injection vulnerability in xterm allows user-assisted attackers to execute arbitrary commands via LF (aka \n) characters surrounding a command name within a Device Control Request Status String (DECRQSS) escape sequence in a text file, a related issue to CVE-2003-0063 and CVE-2003-0071.
Scope: local
bookworm: resolved (fixed in 238-2)
bullseye: resolved (fixed in 238-2)
forky: resolved (fixed in 238-2)
sid: resolved (fixed in 238-2)
trixie: resolved (fixed in 238-2)
Red Hat
security flaw
vendor_redhat·2003-02-24·CVSS 7.3
CVE-2003-0063 [HIGH] security flaw
The xterm terminal emulator in XFree86 4.2.0 and earlier allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2003-0063 security flaw
bugzilla·2018-08-16·CVSS 7.3
CVE-2003-0063 [HIGH] CVE-2003-0063 security flaw
Flaw bug created to hold information about an old flaw we knew something about. For more details see the MITRE CVE description.
Discussion:
MITRE description:
The xterm terminal emulator in XFree86 4.2.0 and earlier allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands.
Bugzilla
CVE-2008-2383 xterm: arbitrary command injection
bugzilla·2009-01-05·CVSS 7.3
CVE-2008-2383 [HIGH] CVE-2008-2383 xterm: arbitrary command injection
Common Vulnerabilities and Exposures assigned an identifier CVE-2008-2383 to the following vulnerability:
CRLF injection vulnerability in xterm allows user-assisted attackers to execute arbitrary commands via LF (aka \n) characters surrounding a command name within a Device Control Request Status String (DECRQSS) escape sequence in a text file, a related issue to CVE-2003-0063 and CVE-2003-0071.
This issue affects xterm as shipped with Red Hat Enterprise Linux 3, 4, and 5.
Discussion:
Created attachment 328245
Patch extracted from upstream
---
The version of xterm as shipped in Red Hat Enterprise Linux 2.1 is not affected by this issue.
The reason is that in the older xterm version control characters such as \n characters were not al
References:
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html
http://marc.info/?l=bugtraq&m=104612710031920&w=2
http://www.debian.org/security/2003/dsa-380
http://www.iss.net/security_center/static/11414.php
http://www.openwall.com/lists/oss-security/2024/06/15/1
http://www.redhat.com/support/errata/RHSA-2003-064.html
http://www.redhat.com/support/errata/RHSA-2003-065.html
http://www.redhat.com/support/errata/RHSA-2003-066.html
http://www.redhat.com/support/errata/RHSA-2003-067.html
http://www.securityfocus.com/bid/6940
Published: 2003-03-03