Launchpad.net

CVE 2008-2383

CRLF injection vulnerability in xterm allows user-assisted attackers to execute arbitrary commands via LF (aka \n) characters surrounding a command name within a Device Control Request Status String (DECRQSS) escape sequence in a text file, a related issue to CVE-2003-0063 and CVE-2003-0071.

Related bugs and status

CVE-2008-2383 (Candidate) is related to these bugs:

Bug #311983: Window title, DECRQSS security

Summary				In	Importance	Status
	311983	Window title, DECRQSS security		xterm (Ubuntu)	Medium	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://bugs.debian.org...
SECUNIA: 33318
FEDORA: FEDORA-2009-0059
FEDORA: FEDORA-2009-0154
SECUNIA: 33419
SUSE: SUSE-SR:2009:002
SECUNIA: 33568
SUSE: SUSE-SR:2009:003
REDHAT: RHSA-2009:0018
SECUNIA: 33418
DEBIAN: DSA-1694
BID: 33060
SECUNIA: 33397
SECUNIA: 33820
SECUNIA: 33388
SUNALERT: 254208
CONFIRM: http://support.apple.c...
APPLE: APPLE-SA-2009-05-12
CERT: TA09-133A
SECUNIA: 35074
VUPEN: ADV-2009-1297
REDHAT: RHSA-2009:0019
SECTRACK: 1021522
XF: xterm-decrqss-code-exe...
OVAL: oval:org.mitre.oval:de...
UBUNTU: USN-703-1
FEDORA: FEDORA-2023-a004ecb3f8
FEDORA: FEDORA-2023-3746647cc3