CVE-2003-1308
Published: 2003-12-31
Priority: P4 (26), medium, 4.6 CVSS 2.0
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 1.32% (67.3th percentile)
CRLF injection vulnerability in fvwm-menu-directory for fvwm 2.5.x before 2.5.10 and 2.4.x before 2.4.18 allows local users to execute arbitrary commands via carriage returns in a filename.
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | fvwm | < fvwm 1:2.5.18-2 (bookworm) | fvwm 1:2.5.18-2 (bookworm) |
| debian | fvwm | < fvwm 2.5.10-1 (bookworm) | fvwm 2.5.10-1 (bookworm) |
| fvwm | fvwm | <= 2.4.17 | — |
| fvwm | fvwm | <= 2.5.8 | — |
| fvwm | fvwm | <= 2.5.18 | — |
| fvwm | fvwm | >= 0 < 1:2.5.18-2 | 1:2.5.18-2 |
| fvwm | fvwm | >= 0 < 2.5.10-1 | 2.5.10-1 |
| fvwm | fvwm | >= 0 < 1:2.5.18-2 | 1:2.5.18-2 |
| fvwm | fvwm | >= 0 < 2.5.10-1 | 2.5.10-1 |
| fvwm | fvwm | >= 0 < 1:2.5.18-2 | 1:2.5.18-2 |
| fvwm | fvwm | >= 0 < 2.5.10-1 | 2.5.10-1 |
| fvwm | fvwm | >= 0 < 1:2.5.18-2 | 1:2.5.18-2 |
| fvwm | fvwm | >= 0 < 2.5.10-1 | 2.5.10-1 |
CVSS provenance
nvd: v2.0, 4.6 MEDIUM, AV:L/AC:L/Au:N/C:P/I:P/A:P
osv: 4.6 MEDIUM
vendor_debian: 4.6 MEDIUM
vendor_redhat: 4.6 MEDIUM
Debian
CVE-2006-5969: fvwm - CRLF injection vulnerability in the evalFolderLine function in fvwm 2.5.18 and e...
vendor_debian·2006·CVSS 4.6
CVE-2006-5969 [MEDIUM] CVE-2006-5969: fvwm - CRLF injection vulnerability in the evalFolderLine function in fvwm 2.5.18 and e...
CRLF injection vulnerability in the evalFolderLine function in fvwm 2.5.18 and earlier allows local users to execute arbitrary commands via carriage returns in a directory name, which is not properly handled by fvwm-menu-directory, a variant of CVE-2003-1308.
Scope: local
bookworm: resolved (fixed in 1:2.5.18-2)
bullseye: resolved (fixed in 1:2.5.18-2)
forky: resolved (fixed in 1:2.5.18-2)
sid: resolved (fixed in 1:2.5.18-2)
trixie: resolved (fixed in 1:2.5.18-2)
Debian
CVE-2003-1308: fvwm - CRLF injection vulnerability in fvwm-menu-directory for fvwm 2.5.x before 2.5.10...
vendor_debian·2003·CVSS 4.6
CVE-2003-1308 [MEDIUM] CVE-2003-1308: fvwm - CRLF injection vulnerability in fvwm-menu-directory for fvwm 2.5.x before 2.5.10...
CRLF injection vulnerability in fvwm-menu-directory for fvwm 2.5.x before 2.5.10 and 2.4.x before 2.4.18 allows local users to execute arbitrary commands via carriage returns in a filename.
Scope: local
bookworm: resolved (fixed in 2.5.10-1)
bullseye: resolved (fixed in 2.5.10-1)
forky: resolved (fixed in 2.5.10-1)
sid: resolved (fixed in 2.5.10-1)
trixie: resolved (fixed in 2.5.10-1)
Red Hat
CVE-2006-5969: CRLF injection vulnerability in the evalFolderLine function in fvwm 2
vendor_redhat·CVSS 4.6
CVE-2006-5969 [MEDIUM] CVE-2006-5969: CRLF injection vulnerability in the evalFolderLine function in fvwm 2
CRLF injection vulnerability in the evalFolderLine function in fvwm 2.5.18 and earlier allows local users to execute arbitrary commands via carriage returns in a directory name, which is not properly handled by fvwm-menu-directory, a variant of CVE-2003-1308.
Statement: Not vulnerable. Red Hat Enterprise Linux 2.1 shipped with fvwm, however this issue does not affect the included version of fvwm.
Red Hat
CVE-2003-1308: CRLF injection vulnerability in fvwm-menu-directory for fvwm 2
vendor_redhat·CVSS 4.6
CVE-2003-1308 [MEDIUM] CVE-2003-1308: CRLF injection vulnerability in fvwm-menu-directory for fvwm 2
CRLF injection vulnerability in fvwm-menu-directory for fvwm 2.5.x before 2.5.10 and 2.4.x before 2.4.18 allows local users to execute arbitrary commands via carriage returns in a filename.
Statement: Not vulnerable. Red Hat Enterprise Linux 2.1 shipped with fvwm, however this issue does not affect the included version of fvwm.
GHSA
GHSA-3qhr-r9v4-8365: CRLF injection vulnerability in the evalFolderLine function in fvwm 2
ghsa_unreviewed·2022-05-01·CVSS 4.6
CVE-2006-5969 [MEDIUM] GHSA-3qhr-r9v4-8365: CRLF injection vulnerability in the evalFolderLine function in fvwm 2
CRLF injection vulnerability in the evalFolderLine function in fvwm 2.5.18 and earlier allows local users to execute arbitrary commands via carriage returns in a directory name, which is not properly handled by fvwm-menu-directory, a variant of CVE-2003-1308.
GHSA
GHSA-r994-mqvv-9vxr: CRLF injection vulnerability in fvwm-menu-directory for fvwm 2
ghsa_unreviewed·2022-04-29
CVE-2003-1308 [MEDIUM] GHSA-r994-mqvv-9vxr: CRLF injection vulnerability in fvwm-menu-directory for fvwm 2
CRLF injection vulnerability in fvwm-menu-directory for fvwm 2.5.x before 2.5.10 and 2.4.x before 2.4.18 allows local users to execute arbitrary commands via carriage returns in a filename.
OSV
CVE-2006-5969: CRLF injection vulnerability in the evalFolderLine function in fvwm 2
osv·2006-11-17·CVSS 4.6
CVE-2006-5969 [MEDIUM] CVE-2006-5969: CRLF injection vulnerability in the evalFolderLine function in fvwm 2
CRLF injection vulnerability in the evalFolderLine function in fvwm 2.5.18 and earlier allows local users to execute arbitrary commands via carriage returns in a directory name, which is not properly handled by fvwm-menu-directory, a variant of CVE-2003-1308.
OSV
CVE-2003-1308: CRLF injection vulnerability in fvwm-menu-directory for fvwm 2
osv·2003-12-31·CVSS 4.6
CVE-2003-1308 [MEDIUM] CVE-2003-1308: CRLF injection vulnerability in fvwm-menu-directory for fvwm 2
CRLF injection vulnerability in fvwm-menu-directory for fvwm 2.5.x before 2.5.10 and 2.4.x before 2.4.18 allows local users to execute arbitrary commands via carriage returns in a filename.
No detection rules found.
No writeups or analysis indexed.
Published: 2003-12-31