PT-2003-2253 · Fvwm · Fvwm
Publicado
2003-12-31
·
Atualizado
2008-09-05
·
CVE-2003-1308
CVSS v2.0
4.6
Média
| Vetor | AV:L/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
fvwm versions 2.4.x through 2.4.17
fvwm versions 2.5.x through 2.5.9
Description
A CRLF injection issue in fvwm-menu-directory allows local users to execute arbitrary commands via carriage returns in a filename.
Recommendations
For fvwm versions 2.4.x through 2.4.17, update to version 2.4.18 or later.
For fvwm versions 2.5.x through 2.5.9, update to version 2.5.10 or later.
Exploit
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Fvwm