CVE-2008-2383

Common Vulnerabilities and Exposures

[Previous] [Index] [Next]

---

CVE-2008-2383 at MITRE

Details

CRLF injection vulnerability in xterm allows user-assisted attackers to execute arbitrary commands via LF (aka \n) characters surrounding a command name within a Device Control Request Status String (DECRQSS) escape sequence in a text file, a related issue to CVE-2003-0063 and CVE-2003-0071.

---

Novell Bugzilla entry: 462917

SUSE Security Advisories:

• SUSE-SR:2009:002, published Mon, 19 Jan 2009 14:00:00 +0000
• SUSE-SR:2009:002 , published Mon, 19 Jan 2009 14:00:00 +0000
• SUSE-SR:2009:003, published Mon, 02 Feb 2009 16:30:00 +0000
• SUSE-SR:2009:003 , published Mon, 02 Feb 2009 16:30:00 +0000

Product(s)	Fixed package version(s)	References
openSUSE 10.3	xterm >= 229-17.2	ZYPP Patch Nr: 5902 SAT Patch Nr: 405
openSUSE 11.0	xterm-debuginfo >= 235-12.2 xterm-debugsource >= 235-12.2	ZYPP Patch Nr: 5902 SAT Patch Nr: 405
openSUSE 11.0	xterm >= 235-12.2	ZYPP Patch Nr: 5902 SAT Patch Nr: 405
openSUSE 11.1	xterm >= 236-1.50.1 xterm-debuginfo >= 236-1.50.1 xterm-debugsource >= 236-1.50.1	ZYPP Patch Nr: 5902 SAT Patch Nr: 405
openSUSE 11.1	xterm >= 236-1.50.1	ZYPP Patch Nr: 5902 SAT Patch Nr: 405
SUSE Linux Enterprise Desktop 10 SP2 for AMD64 and Intel EM64T SUSE Linux Enterprise Desktop 10 SP2 for x86 SUSE Linux Enterprise Server 10 SP2 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP2 for IBM POWER SUSE Linux Enterprise Server 10 SP2 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP2 for IPF SUSE Linux Enterprise Server 10 SP2 for x86	xterm >= 208-14.6	sles10-sp2. x86-64 sles10-sp2. x86 sles10-sp2. ia64 sles10-sp2. s390x sles10-sp2. ppc sled10-sp2. x86 sled10-sp2. x86-64 ZYPP Patch Nr: 5898
Novell Linux Desktop 9 for x86 Novell Linux Desktop 9 for x86_64 Novell Linux POS 9 Open Enterprise Server SUSE CORE 9 for AMD64 and Intel EM64T SUSE CORE 9 for IBM POWER SUSE CORE 9 for Itanium Processor Family SUSE CORE 9 for x86	XFree86 >= 4.3.99.902-43.98 XFree86-server >= 4.3.99.902-43.98	core9. x86 core9. ia64 sles9-nld. x86-64 core9. ppc core9. s390x sles9-oes. x86 sles9-nlpos. x86 sles9-nld. x86 core9. x86-64 core9. s390 YOU Patch Nr: 12344
SUSE CORE 9 for IBM S/390 31bit SUSE CORE 9 for IBM zSeries 64bit	XFree86 >= 4.3.99.902-43.98	core9. x86 core9. ia64 sles9-nld. x86-64 core9. ppc core9. s390x sles9-oes. x86 sles9-nlpos. x86 sles9-nld. x86 core9. x86-64 core9. s390 YOU Patch Nr: 12344

• Support Home
• Download
  • Patches
    • Patch Home
    • Patch Finder
  • Products
  • Drivers
  • Beta
  • Cool Tools
• Help yourself
  • Knowledgebase
  • Novell Support Advisor
  • Discussion Forums
  • Documentation
  • Support by Product
  • Product Support Lifecycle
  • Activate My Product
  • Bookstore
  • Technical Subscriptions
  • Support FAQ
• Let us help
  • Novell Support Programs
    • Linux Support
    • Support for MLA
    • Support for VLA
    • Support for Academic Customers
    • Support for Partners
    • Single Service Request
    • All Support Programs
  • Support from Partner
  • Open Service Request
  • Chat with Us (Non-technical questions)
• Contribute
  • Participate in Beta
  • Report a Bug
  • Share a Tip, Trick, etc.
  • Request Enhancement
  • Report Software Vulnerability
  • Provide Feedback

• Customer Center