6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.003 Low
EPSS
Percentile
69.5%
gnome-terminal may allow a remote attacker to execute arbitrary commands via crafted escape sequences.
gnome-terminal affords users the ability to utilize an escape sequence to “export” the title of the current window title directly to the shell command line. By viewing a maliciously crafted file in gnome-terminal, a victim may unknowingly execute shell commands (provided by the attacker).
This vulnerability was discovered by H D Moore of Digital Defense. H D has provided a paper on this topic (TERMINAL EMULATOR SECURITY ISSUES), and Red Hat has published RHSA-2003:053-10. Both of these documents provide more information about this vulnerability.
A remote attacker may be able to execute arbitrary commands on a vulnerable host.
Apply a patch.
230561
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Updated: February 27, 2003
Affected
See <https://rhn.redhat.com/errata/RHSA-2003-053.html>.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23230561 Feedback>).
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
This vulnerability was discovered by H D Moore of Digital Defense. The CERT/CC thanks both H D Moore and Red Hat for providing information upon which this document is based.
This document was written by Ian A Finlay.
CVE IDs: | CVE-2003-0070 |
---|---|
Severity Metric: | 4.86 Date Public: |