FVWM fvwm-menu-directory.in Filename eoln Command Execution

2003-12-05T00:00:00
ID OSVDB:5444
Type osvdb
Reporter (auto22238@hushmail.com)
Modified 2003-12-05T00:00:00

Description

Vulnerability Description

The FVWM window manager contains a flaw that may allow a malicious user to prepare a script containing malicious commands for execution by another user. The issue is triggered when FVWM opens the directory in which the script is placed. It is possible that the flaw may allow execution of resulting in a loss of confidentiality and integrity.

Solution Description

Upgrade to version 2.5.9, 2.4.18 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

The FVWM window manager contains a flaw that may allow a malicious user to prepare a script containing malicious commands for execution by another user. The issue is triggered when FVWM opens the directory in which the script is placed. It is possible that the flaw may allow execution of resulting in a loss of confidentiality and integrity.

References:

Vendor URL: http://www.fvwm.org/ CVE-2003-1308 Bugtraq ID: 9161