CVE编号
CVE-2008-2383利用情况
暂无补丁情况
没有补丁披露时间
2009-01-03漏洞描述
xterm中的CRLF注入漏洞允许用户辅助攻击者通过文本文件中Device Control Request Status String (DECRQSS) escape sequence 中命令名称的LF(又称为 \ n)字符执行任意命令,这是与CVE-2003-0063和CVE-2003-0071相关的问题。解决建议
建议您更新当前系统或软件至最新版,完成漏洞的修复。
参考链接 |
|
|---|---|
| http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510030 | |
| http://lists.apple.com/archives/security-announce/2009/May/msg00002.html | |
| http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00004.html | |
| http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.html | |
| http://secunia.com/advisories/33318 | |
| http://secunia.com/advisories/33388 | |
| http://secunia.com/advisories/33397 | |
| http://secunia.com/advisories/33418 | |
| http://secunia.com/advisories/33419 | |
| http://secunia.com/advisories/33568 | |
| http://secunia.com/advisories/33820 | |
| http://secunia.com/advisories/35074 | |
| http://sunsolve.sun.com/search/document.do?assetkey=1-66-254208-1 | |
| http://support.apple.com/kb/HT3549 | |
| http://www.debian.org/security/2009/dsa-1694 | |
| http://www.redhat.com/support/errata/RHSA-2009-0018.html | |
| http://www.redhat.com/support/errata/RHSA-2009-0019.html | |
| http://www.securityfocus.com/bid/33060 | |
| http://www.securitytracker.com/id?1021522 | |
| http://www.us-cert.gov/cas/techalerts/TA09-133A.html | |
| http://www.vupen.com/english/advisories/2009/1297 | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/47655 | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova... | |
| https://usn.ubuntu.com/703-1/ | |
| https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00072.html | |
| https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00184.html |
受影响软件情况
| # | 类型 | 厂商 | 产品 | 版本 | 影响面 | ||||
| 1 | |||||||||
|---|---|---|---|---|---|---|---|---|---|
| 运行在以下环境 | |||||||||
| 应用 | invisible-island | xterm | _nil_ | - | |||||
| 运行在以下环境 | |||||||||
| 系统 | centos_5 | xterm | * |
Up to (excluding) 215-5.el5_2.2 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | debian_4.0 | xterm | * |
Up to (excluding) 222-1etch3 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | debian_5.0 | xterm | * |
Up to (excluding) 235-2 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | oracle_5 | xterm | * |
Up to (excluding) 215-5.el5_2.2 |
|||||
- 攻击路径 远程
- 攻击复杂度 N/A
- 权限要求 无需权限
- 影响范围 有限影响
- EXP成熟度 未验证
- 补丁情况 没有补丁
- 数据保密性 N/A
- 数据完整性 传输被破坏
- 服务器危害 无影响
- 全网数量 N/A
还没有评论,来说两句吧...