Lucene search

K
debiancveDebian Security Bug TrackerDEBIANCVE:CVE-2003-1308
HistoryOct 03, 2022 - 4:15 p.m.

CVE-2003-1308

2022-10-0316:15:42
Debian Security Bug Tracker
security-tracker.debian.org
6
cve-2003-1308
fvwm 2.5.x 2.4.x
crlf injection
local users
arbitrary commands
carriage returns
filename
unix

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

15.9%

CRLF injection vulnerability in fvwm-menu-directory for fvwm 2.5.x before 2.5.10 and 2.4.x before 2.4.18 allows local users to execute arbitrary commands via carriage returns in a filename.

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

15.9%

Related for DEBIANCVE:CVE-2003-1308