CVE-2015-8971
Published 2017-01-23
Priority P3 · 41 · high · 7.8 (CVSS 3.1)
AV:L / AC:L / PR:L / UI:N / S:U / C:H / I:H / A:H
EPSS: 1.11% (61.9th percentile)
Terminology 0.7.0 allows remote attackers to execute arbitrary commands via escape sequences that modify the window title and then are written to the terminal, a similar issue to CVE-2003-0063.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | terminology | < terminology 0.7.0-2 (bookworm) | terminology 0.7.0-2 (bookworm) |
| enlightenment | terminology | — | — |
| enlightenment | terminology | >= 0 < 0.7.0-2 | 0.7.0-2 |
| enlightenment | terminology | >= 0 < 0.7.0-2 | 0.7.0-2 |
| enlightenment | terminology | >= 0 < 0.7.0-2 | 0.7.0-2 |
| enlightenment | terminology | >= 0 < 0.7.0-2 | 0.7.0-2 |
CVSS provenance
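| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 4.6 | MEDIUM | AV:L/AC:L/Au:N/C:P/I:P/A:P |
| osv | | 7.3 | HIGH | |
| vendor_debian | | 7.3 | HIGH | |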
Debian
CVE-2015-8971: terminology - Terminology 0.7.0 allows remote attackers to execute arbitrary commands via esca...
vendor_debian·2015·CVSS 7.3
CVE-2015-8971 [HIGH] CVE-2015-8971: terminology - Terminology 0.7.0 allows remote attackers to execute arbitrary commands via esca...
Scope: local
bookworm: resolved (fixed in 0.7.0-2)
bullseye: resolved (fixed in 0.7.0-2)
forky: resolved (fixed in 0.7.0-2)
sid: resolved (fixed in 0.7.0-2)
trixie: resolved (fixed in 0.7.0-2)
GHSA
GHSA-c74f-gxvx-3568: Terminology 0
ghsa_unreviewed·2022-05-13·CVSS 7.3
CVE-2015-8971 [HIGH] CWE-77 GHSA-c74f-gxvx-3568: Terminology 0
OSV
CVE-2015-8971: Terminology 0
osv·2017-01-23·CVSS 7.3
CVE-2015-8971 [HIGH] CVE-2015-8971: Terminology 0
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://www.debian.org/security/2016/dsa-3712
http://www.openwall.com/lists/oss-security/2016/11/04/12
http://www.openwall.com/lists/oss-security/2016/11/04/15
http://www.openwall.com/lists/oss-security/2016/11/07/1
http://www.securityfocus.com/bid/94132
https://git.enlightenment.org/apps/terminology.git/commit/?id=b80bedc7c21ecffe99d8d142930db696eebdd6a5