Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
gentooGentoo FoundationGLSA-200708-07
HistoryAug 11, 2007 - 12:00 a.m.

Xfce Terminal: Remote arbitrary code execution

2007-08-1100:00:00
Gentoo Foundation
security.gentoo.org
7

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:C/I:P/A:N

0.009 Low

EPSS

Percentile

82.6%

JSON

Background

Xfce Terminal is a console tool for the Xfce desktop environment.

Description

Lasse Karkkainen discovered that the function terminal_helper_execute() in file terminal-helper.c does not properly escape the URIs before processing.

Impact

A remote attacker could entice a user to open a specially crafted link, possibly leading to the remote execution of arbitrary code with the privileges of the user running Xfce Terminal. Note that the exploit code depends on the browser used to open the crafted link.

Workaround

There is no known workaround at this time.

Resolution

All Xfce Terminal users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=x11-terms/terminal-0.2.6_p25931"
OSVersionArchitecturePackageVersionFilename
Gentooanyallx11-terms/terminal<Β 0.2.6_p25931UNKNOWN

Related

fedora 2
openvas 10
prion 1
nessus 4
securityvulns 2
cve 1
ubuntu 1
debian 1
seebug 1
ubuntucve 1
debiancve 1
fedora
fedora
[SECURITY] Fedora 7 Update: Terminal-0.2.6-3.fc7
2007-08-15 19:48:33
[SECURITY] Fedora 7 Update: Terminal-0.2.8-2.fc7
2007-12-15 19:29:50
openvas
openvas
Fedora Update for Terminal FEDORA-2007-1620
2009-02-27 00:00:00
Debian Security Advisory DSA 1393-1 (xfce4-terminal)
2008-01-17 00:00:00
Ubuntu Update for xfce4-terminal vulnerability USN-497-1
2009-03-23 00:00:00
prion
prion
Open redirect
2007-07-15 21:30:00
nessus
nessus
Ubuntu 6.06 LTS / 6.10 / 7.04 : xfce4-terminal vulnerability (USN-497-1)
2007-11-10 00:00:00
GLSA-200708-07 : Xfce Terminal: Remote arbitrary code execution
2007-08-13 00:00:00
Fedora 7 : Terminal-0.2.6-3.fc7 (2007-1620)
2007-11-06 00:00:00
securityvulns
securityvulns
Xfce terminal client unescaped shell characters vulnerability
2007-08-14 00:00:00
[ GLSA 200708-07 ] Xfce Terminal: Remote arbitrary code execution
2007-08-14 00:00:00
cve
cve
CVE-2007-3770
2007-07-15 21:30:00
ubuntu
ubuntu
xfce4-terminal vulnerability
2007-08-14 00:00:00
debian
debian
[SECURITY] [DSA 1393-1] New xfce4-terminal packages fix arbitrary command execution
2007-10-23 00:00:00
seebug
seebug
Xfce-TerminalθΏœη¨‹ε‘½δ»€ζ³¨ε…₯漏洞
2007-08-14 00:00:00
ubuntucve
ubuntucve
CVE-2007-3770
2007-07-15 00:00:00
debiancve
debiancve
CVE-2007-3770
2007-07-15 21:30:00

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:C/I:P/A:N

0.009 Low

EPSS

Percentile

82.6%

JSON
Related for GLSA-200708-07
fedora2openvas10prion1nessus4securityvulns2cve1ubuntu1debian1seebug1ubuntucve1debiancve1