Lucene search

PRIOn knowledge basePRION:CVE-2010-2713

HistoryAug 05, 2010 - 6:17 p.m.

Design/Logic Flaw

2010-08-0518:17:00

PRIOn knowledge base

www.prio-n.com

7.5 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.052 Low

EPSS

Percentile

92.8%

JSON

The vte_sequence_handler_window_manipulation function in vteseq.c in libvte (aka libvte9) in VTE 0.25.1 and earlier, as used in gnome-terminal, does not properly handle escape sequences, which allows remote attackers to execute arbitrary commands or obtain potentially sensitive information via a (1) window title or (2) icon title sequence. NOTE: this issue exists because of a CVE-2003-0070 regression.

CPENameOperatorVersion
vtele0.25.1
vteeq0.11.21
vteeq0.12.2
vteeq0.14.2
vteeq0.15.0
vteeq0.16.14
vteeq0.17.4
vteeq0.20.5
vteeq0.22.5
vteeq0.24.3

Name	Operator	Version
vte	le	0.25.1
vte	eq	0.11.21
vte	eq	0.12.2
vte	eq	0.14.2
vte	eq	0.15.0
vte	eq	0.16.14
vte	eq	0.17.4
vte	eq	0.20.5
vte	eq	0.22.5
vte	eq	0.24.3

References

git.gnome.org/browse/vte/commit/?id=8b971a7b2c59902914ecbbc3915c45dd21530a91

lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html

secunia.com/advisories/40635

www.securityfocus.com/bid/41716

www.ubuntu.com/usn/usn-962-1

www.vupen.com/english/advisories/2010/1839

bugzilla.redhat.com/show_bug.cgi?id=613110

7.5 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.052 Low

EPSS

Percentile

92.8%

JSON

Related for PRION:CVE-2010-2713