Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2006-7236: Xterm vulnerability

CWE-16 | 8 documents | 8 sources
Severity: 9.3 CRITICAL (NVD)
EPSS: 7.2% (top 8.35%)
CISA KEV: Not in KEV
Timeline
Published: Jan 2
Latest update: May 1

Description

The default configuration of xterm on Debian GNU/Linux sid and possibly Ubuntu enables the allowWindowOps resource, which allows user-assisted attackers to execute arbitrary code or have unspecified other impact via escape sequences.

CVSS vector

AV:N/AC:M/C:C/I:C/A:C
Exploitability: 8.6 | Impact: 10.0

Affected Packages: 2 packages

🔴 Vulnerability Details (3)

GHSA
GHSA-9r87-p9p6-pqp9: The default configuration of xterm on Debian GNU/Linux sid and possibly Ubuntu enables the allowWindowOps resource, which allows user-assisted attacke (2022-05-01)
CVEList
CVE-2006-7236: The default configuration of xterm on Debian GNU/Linux sid and possibly Ubuntu enables the allowWindowOps resource, which allows user-assisted attacke (2009-01-02)
OSV
CVE-2006-7236: The default configuration of xterm on Debian GNU/Linux sid and possibly Ubuntu enables the allowWindowOps resource, which allows user-assisted attacke (2009-01-02)

💥 Exploits & PoCs (1)

Exploit-DB
xterm - DECRQSS Remote Command Execution (2008-12-29)

📋 Vendor Advisories (3)

Ubuntu
xterm vulnerabilities (2009-01-06)
Debian
CVE-2006-7236: xterm - The default configuration of xterm on Debian GNU/Linux sid and possibly Ubuntu e... (2006)
Red Hat
CVE-2006-7236: The default configuration of xterm on Debian GNU/Linux sid and possibly Ubuntu enables the allowWindowOps resource, which allows user-assisted attacke
CVE-2006-7236 — Invisible-island Xterm vulnerability | cvebase