CVE-2008-2383
Published 2009-01-02
Priority P347 · critical · 9.3 (CVSS 2.0, AV:N/AC:M/Au:N/C:C/I:C/A:C)
EPSS 4.97% (91.1th percentile)
CRLF injection vulnerability in xterm allows user-assisted attackers to execute arbitrary commands via LF (aka \n) characters surrounding a command name within a Device Control Request Status String (DECRQSS) escape sequence in a text file, a related issue to CVE-2003-0063 and CVE-2003-0071.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | xterm | < xterm 238-2 (bookworm) | xterm 238-2 (bookworm) |
| github.com | migueldeicaza_swiftterm | >= 0 < 1.2.0 | 1.2.0 |
| invisible-island | xterm | — | — |
| invisible-island | xterm | >= 0 < 238-2 | 238-2 |
CVSS provenance

| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 2.0 | 9.3 | CRITICAL | AV:N/AC:M/Au:N/C:C/I:C/A:C |
| ghsa | — | 7.3 | HIGH | — |
| osv | — | 7.3 | HIGH | — |
| vendor_ubuntu | — | 9.3 | CRITICAL | — |
| vendor_debian | — | 7.3 | MEDIUM | — |
| vendor_redhat | — | 7.3 | HIGH | — |
Ubuntu
xterm vulnerabilities
vendor_ubuntu·2009-01-06·CVSS 9.3
CVE-2008-2383 [CRITICAL] xterm vulnerabilities
Paul Szabo discovered that the DECRQSS escape sequences were not handled
correctly by xterm. Additionally, window title operations were also not
safely handled. If a user were tricked into viewing a specially crafted
series of characters while in xterm, a remote attacker could execute
arbitrary commands with user privileges. (CVE-2006-7236, CVE-2008-2382)
Instructions: After a standard system upgrade you need to restart any running xterms to
effect the necessary changes.
Red Hat
xterm: arbitrary command injection
vendor_redhat·2008-12-29·CVSS 7.3
CVE-2008-2383 [HIGH] xterm: arbitrary command injection
Debian
CVE-2008-2383: xterm - CRLF injection vulnerability in xterm allows user-assisted attackers to execute ...
vendor_debian·2008·CVSS 7.3
CVE-2008-2383 [HIGH] CVE-2008-2383: xterm - CRLF injection vulnerability in xterm allows user-assisted attackers to execute ...
Scope: local
bookworm: resolved (fixed in 238-2)
bullseye: resolved (fixed in 238-2)
forky: resolved (fixed in 238-2)
sid: resolved (fixed in 238-2)
trixie: resolved (fixed in 238-2)
GHSA
SwiftTerm Code Injection vulnerability
ghsa·2023-07-14·CVSS 7.3
CVE-2022-23465 [HIGH] CWE-94 SwiftTerm Code Injection vulnerability
### Impact
An attacker could modify the window title via a certain character escape sequence and then have it inserted back into the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands.
### Credit
These bugs were found and disclosed by David Leadbeater (@dgl at Github.com)
### Patches
Fixed in version ce596e0dc8cdb288bc7ed5c6a59011ee3a8dc171
### Workarounds
There are no workarounds available
### References
Similar exploits to this existed in the past, for terminal emulators:
https://nvd.nist.gov/vuln/detail/CVE-2003-0063
https://nvd.nist.gov/vuln/detail/CVE-2008-2383
Additional background and information is also available:
https://marc.info
OSV
SwiftTerm Code Injection vulnerability
osv·2023-07-14·CVSS 7.3
CVE-2022-23465 [HIGH] SwiftTerm Code Injection vulnerability
GHSA
GHSA-94vw-2f3v-j88m: CRLF injection vulnerability in xterm allows user-assisted attackers to execute arbitrary commands via LF (aka \n) characters surrounding a command na
ghsa_unreviewed·2022-05-01·CVSS 7.3
CVE-2008-2383 [HIGH] CWE-94 GHSA-94vw-2f3v-j88m: CRLF injection vulnerability in xterm allows user-assisted attackers to execute arbitrary commands via LF (aka \n) characters surrounding a command na
OSV
CVE-2008-2383: CRLF injection vulnerability in xterm allows user-assisted attackers to execute arbitrary commands via LF (aka \n) characters surrounding a command na
osv·2009-01-02·CVSS 7.3
CVE-2008-2383 [HIGH] CVE-2008-2383: CRLF injection vulnerability in xterm allows user-assisted attackers to execute arbitrary commands via LF (aka \n) characters surrounding a command na
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2009-4487 nginx: Absent sanitation of escape sequences in web server log
bugzilla·2010-02-08·CVSS 5.0
CVE-2009-4487 [MEDIUM] CVE-2009-4487 nginx: Absent sanitation of escape sequences in web server log
Common Vulnerabilities and Exposures assigned an identifier CVE-2009-4487 to
the following vulnerability:
nginx 0.7.64 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator.
References:
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4487
[2] http://www.securityfocus.com/archive/1/archive/1/508830/100/0/threaded
[3] http://www.ush.it/team/ush/hack_httpd_escape/adv.txt
[4] http://www.securityfocus.com/bid/37711
Upstream status:
[5] http://nginx.org/en/security_advisories.html contains record
Bugzilla
CVE-2008-2383 xterm: arbitrary command injection
bugzilla·2009-01-06·CVSS 9.3
CVE-2008-2383 [CRITICAL] CVE-2008-2383 xterm: arbitrary command injection
Description of problem:
xterm has a security hole that allows attackers to modify files that are displayed in xterm in a way that causes xterm to execute arbitrary commands
Version-Release number of selected component (if applicable):
xterm-237-1.fc10.i386
How reproducible:
always
Steps to Reproduce:
1. open xterm
2. perl -e 'print "\eP\$q\nwhoami\n\e\\"' > bla.log
3. cat bla.log
Actual results:
whoami is executed
Expected results:
that should not happen
Additional info:
see
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510030
there seems to be a patch
Discussion:
xterm-238-1.fc10 has been submitted as an update for Fedora 10.
http://admin.fedoraproject.org/updates/xterm-238-1.fc10
---
xterm-238-1.fc9 has been submitted as an u
Bugzilla
CVE-2008-2383 xterm: arbitrary command injection
bugzilla·2009-01-05·CVSS 7.3
CVE-2008-2383 [HIGH] CVE-2008-2383 xterm: arbitrary command injection
Common Vulnerabilities and Exposures assigned an identifier CVE-2008-2383 to the following vulnerability:
CRLF injection vulnerability in xterm allows user-assisted attackers to execute arbitrary commands via LF (aka \n) characters surrounding a command name within a Device Control Request Status String (DECRQSS) escape sequence in a text file, a related issue to CVE-2003-0063 and CVE-2003-0071.
This issue affects xterm as shipped with Red Hat Enterprise Linux 3, 4, and 5.
Discussion:
Created attachment 328245
Patch extracted from upstream
---
The version of xterm as shipped in Red Hat Enterprise Linux 2.1 is not affected by this issue.
The reason is that in the older xterm version control characters such as \n characters were not al
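The DECRQSS problem described in the CVE text and the unsanitized-log issue in the nginx entry both come down to untrusted bytes reaching a terminal. The following Python, added here and not taken from any of the advisories or bug reports above, flags DECRQSS requests whose payload carries CR or LF (the pattern a vulnerable xterm would echo back as input) and strips terminal control sequences before text is written to a terminal or log. The sample input is constructed; the command name inside it is a placeholder.

```python
import re

# Constructed sample: a log line, then a DECRQSS request (DCS $ q ... ST)
# whose payload wraps a command name in LF characters, then an OSC title
# change, then plain text. "id" is only a placeholder command name.
SAMPLE = ("GET /index.html 200\n"
          "\x1bP$q\nid\n\x1b\\\n"
          "\x1b]0;title\x07plain text\n")

# 7-bit (ESC-prefixed) and 8-bit (C1) forms of each introducer/terminator.
_DCS = re.compile(r"(?:\x1bP|\x90)(.*?)(?:\x1b\\|\x9c)", re.S)
_OSC = re.compile(r"(?:\x1b\]|\x9d).*?(?:\x07|\x1b\\|\x9c)", re.S)
_CSI = re.compile(r"(?:\x1b\[|\x9b)[\x30-\x3f]*[\x20-\x2f]*[\x40-\x7e]")
_ESC = re.compile(r"\x1b.", re.S)                     # any leftover ESC + 1 char
_CTRL = re.compile(r"[\x00-\x08\x0b-\x1f\x7f-\x9f]")  # C0/C1 except TAB and LF


def find_decrqss(text):
    """Return the payload of every DECRQSS request (DCS payload starting '$q')."""
    return [m.group(1) for m in _DCS.finditer(text)
            if m.group(1).startswith("$q")]


def has_injected_newline(text):
    """True when a DECRQSS payload contains CR or LF. A vulnerable xterm
    echoed the payload back as if typed, so a newline inside it would
    submit whatever precedes it to the shell."""
    return any("\n" in p or "\r" in p for p in find_decrqss(text))


def sanitize(text):
    """Remove DCS/OSC/CSI sequences, stray escapes and C0/C1 controls
    (except TAB and LF) so the text is safe to display or log."""
    for pat in (_DCS, _OSC, _CSI, _ESC, _CTRL):
        text = pat.sub("", text)
    return text


if __name__ == "__main__":
    print("DECRQSS payloads:", find_decrqss(SAMPLE))
    print("newline injection:", has_injected_newline(SAMPLE))
    print("sanitized:", repr(sanitize(SAMPLE)))
```

A legitimate DECRQSS such as `ESC P $ q m ESC \` (query SGR) has no newline in its payload and is not flagged, so the check distinguishes the injection pattern from ordinary terminal queries.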