FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

xterm -- DECRQSS remote command execution vulnerability

Affected packages
xterm < 238

Details

VuXML ID d5e1aac8-db0b-11dd-ae30-001cc0377035
Discovery 2008-12-28
Entry 2009-01-05
Modified 2009-01-06

SecurityFocus reports:

The xterm program is prone to a remote command-execution vulnerability because it fails to sufficiently validate user input.

Successfully exploiting this issue would allow an attacker to execute arbitrary commands on an affected computer in the context of the affected application.

References

Bugtraq ID 33060
CVE Name CVE-2008-2383
URL http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510030