Upstream information

CVE-2008-2383 at MITRE

Description

CRLF injection vulnerability in xterm allows user-assisted attackers to execute arbitrary commands via LF (aka \n) characters surrounding a command name within a Device Control Request Status String (DECRQSS) escape sequence in a text file, a related issue to CVE-2003-0063 and CVE-2003-0071.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having critical severity.

CVSS v2 Scores (National Vulnerability Database)
  Base Score:             9.3
  Vector:                 AV:N/AC:M/Au:N/C:C/I:C/A:C
  Access Vector:          Network
  Access Complexity:      Medium
  Authentication:         None
  Confidentiality Impact: Complete
  Integrity Impact:       Complete
  Availability Impact:    Complete
SUSE Bugzilla entry: 462917 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) / Fixed package version(s) / References

SUSE Linux Enterprise Server 11 SP1
  • xterm >= 238-1.16
  Patchnames: SUSE Linux Enterprise Server 11 SP1 GA xterm

SUSE Linux Enterprise Server 11 SP2
  • xterm >= 238-1.16
  Patchnames: SUSE Linux Enterprise Server 11 SP2 GA xterm

SUSE Linux Enterprise Server 11 SP3
  • xterm >= 238-1.16
  Patchnames: SUSE Linux Enterprise Server 11 SP3 GA xterm

SUSE Linux Enterprise Server 11 SP4
  • xterm >= 238-1.16
  Patchnames: SUSE Linux Enterprise Server 11 SP4 GA xterm

openSUSE 11.0
  • xterm >= 235-12.2
  • xterm-debuginfo >= 235-12.2
  • xterm-debugsource >= 235-12.2

openSUSE 11.1
  • xterm >= 236-1.50.1
  • xterm-debuginfo >= 236-1.50.1
  • xterm-debugsource >= 236-1.50.1

Novell Linux Desktop 9 for x86, Novell Linux Desktop 9 for x86_64, Open Enterprise Server
  • XFree86 >= 4.3.99.902-43.98
  • XFree86-server >= 4.3.99.902-43.98
  References: core9.x86, core9.ia64, sles9-nld.x86-64, core9.ppc, core9.s390x, sles9-oes.x86, sles9-nlpos.x86, sles9-nld.x86, core9.x86-64, core9.s390
  YOU Patch Nr: 12344