| Summary | VTE, as used by default in gnome-terminal terminal emulator 2.2 and as an option in gnome-terminal 2.0, allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands. |
|---|---|
| Summary | Per: http://cwe.mitre.org/data/definitions/77.html 'CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')' |
| Publication Date | March 3, 2003, 2 p.m. |
| Registration Date | Jan. 29, 2021, 6:02 p.m. |
| Last Update | Oct. 18, 2016, 11:29 a.m. |
| CVSS2.0 : MEDIUM | |
| Score | 6.8 |
|---|---|
| Vector | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| 攻撃元区分(AV) | ネットワーク |
| 攻撃条件の複雑さ(AC) | 中 |
| 攻撃前の認証要否(Au) | 不要 |
| 機密性への影響(C) | 低 |
| 完全性への影響(I) | 低 |
| 可用性への影響(A) | 低 |
| Get all privileges. | いいえ |
| Get user privileges | いいえ |
| Get other privileges | はい |
| User operation required | はい |
| Configuration1 | or higher | or less | more than | less than | |
| cpe:2.3:a:nalin_dahyabhai:vte:0.11.21:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:nalin_dahyabhai:vte:0.12.2:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:nalin_dahyabhai:vte:0.14.2:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:nalin_dahyabhai:vte:0.15.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:nalin_dahyabhai:vte:0.16.14:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:nalin_dahyabhai:vte:0.17.4:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:nalin_dahyabhai:vte:0.20.5:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:nalin_dahyabhai:vte:0.22.5:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:nalin_dahyabhai:vte:0.24.3:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:nalin_dahyabhai:vte:0.25.1:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:gnome:gnome-terminal:2.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:gnome:gnome-terminal:2.2:*:*:*:*:*:*:* | |||||