OpenCVE

The Eterm terminal emulator 0.9.1 and earlier allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Michael Jennings	Eterm

Configuration 1 [-]

OR	cpe:2.3:a:michael_jennings:eterm:0.8.10:::::::*
	cpe:2.3:a:michael_jennings:eterm:0.9.1:::::::*

No data.

References

Link	Providers
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html
http://marc.info/?l=bugtraq&m=104612710031920&w=2
http://www.debian.org/security/2004/dsa-496
http://www.iss.net/security_center/static/11414.php
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:040
http://www.securityfocus.com/bid/10237

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2004-09-01T04:00:00

Updated: 2024-08-08T01:43:35.397Z

Reserved: 2003-02-04T00:00:00

Link: CVE-2003-0068

Vulnrichment

No data.

NVD

Status : Modified

Published: 2003-03-03T05:00:00.000

Modified: 2016-10-18T02:29:05.207

Link: CVE-2003-0068

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2003-02-24T00:00:00", "descriptions": [{"lang": "en", "value": "The Eterm terminal emulator 0.9.1 and earlier allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2009-01-02T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "10237", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/10237"}, {"name": "20030224 Terminal Emulator Security Issues", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://marc.info/?l=bugtraq&m=104612710031920&w=2"}, {"name": "MDKSA-2003:040", "tags": ["vendor-advisory", "x_refsource_MANDRAKE"], "url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:040"}, {"name": "DSA-496", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2004/dsa-496"}, {"name": "terminal-emulator-window-title(11414)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "http://www.iss.net/security_center/static/11414.php"}, {"name": "20030224 Terminal Emulator Security Issues", "tags": ["mailing-list", "x_refsource_VULNWATCH"], "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2003-0068", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Eterm terminal emulator 0.9.1 and earlier allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "10237", "refsource": "BID", "url": "http://www.securityfocus.com/bid/10237"}, {"name": "20030224 Terminal Emulator Security Issues", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq&m=104612710031920&w=2"}, {"name": "MDKSA-2003:040", "refsource": "MANDRAKE", "url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:040"}, {"name": "DSA-496", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2004/dsa-496"}, {"name": "terminal-emulator-window-title(11414)", "refsource": "XF", "url": "http://www.iss.net/security_center/static/11414.php"}, {"name": "20030224 Terminal Emulator Security Issues", "refsource": "VULNWATCH", "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-08T01:43:35.397Z"}, "title": "CVE Program Container", "references": [{"name": "10237", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/10237"}, {"name": "20030224 Terminal Emulator Security Issues", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=104612710031920&w=2"}, {"name": "MDKSA-2003:040", "tags": ["vendor-advisory", "x_refsource_MANDRAKE", "x_transferred"], "url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:040"}, {"name": "DSA-496", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2004/dsa-496"}, {"name": "terminal-emulator-window-title(11414)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "http://www.iss.net/security_center/static/11414.php"}, {"name": "20030224 Terminal Emulator Security Issues", "tags": ["mailing-list", "x_refsource_VULNWATCH", "x_transferred"], "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2003-0068", "datePublished": "2004-09-01T04:00:00", "dateReserved": "2003-02-04T00:00:00", "dateUpdated": "2024-08-08T01:43:35.397Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:michael_jennings:eterm:0.8.10:*:*:*:*:*:*:*", "matchCriteriaId": "B33FE201-759E-4EE4-B19E-A25E6FBD711B", "vulnerable": true}, {"criteria": "cpe:2.3:a:michael_jennings:eterm:0.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "7DD5D189-F36C-4E49-92C0-72C9D72A43BA", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Eterm terminal emulator 0.9.1 and earlier allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands."}, {"lang": "es", "value": "El emulador de terminal Eterm 0.9.1 y anteriorespermite a atacantes modificar el t\u00edtulo de la ventana mediante cierta secuencia de car\u00e1cter de escape, y a continuaci\u00f3n volver a insertarlo en la l\u00ednea de comandos del terminal del usuario, lo que podr\u00eda permitir al atacante ejecutar comandos arbitrarios."}], "id": "CVE-2003-0068", "lastModified": "2016-10-18T02:29:05.207", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2003-03-03T05:00:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html"}, {"source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq&m=104612710031920&w=2"}, {"source": "cve@mitre.org", "url": "http://www.debian.org/security/2004/dsa-496"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.iss.net/security_center/static/11414.php"}, {"source": "cve@mitre.org", "url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:040"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/10237"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}