PT-2003-1119 · XFree86 · Xterm

H D Moore · Published 2003-03-03 · Updated 2024-10-29 · CVE-2003-0063

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

XFree86-xf86cfg versions 4.1.0 through 4.2.1
XFree86-font-utils versions 4.1.0 through 4.2.1-21
XFree86-ISO8859-9-75dpi-fonts versions 4.1.0 through 4.2.1-21
XFree86-tools versions 4.1.0 through 4.2.1-21
XFree86-devel versions 4.1.0 through 4.2.1-21
XFree86-75dpi-fonts versions 4.1.0 through 4.2.1-21
XFree86-libs versions 4.1.0 through 4.2.1-21
XFree86-xdm versions 4.1.0 through 4.2.1-21
XFree86-cyrillic-fonts versions 4.1.0 through 4.2.1-21
XFree86-ISO8859-2-100dpi-fonts versions 4.1.0 through 4.2.1-21
XFree86-ISO8859-15-100dpi-fonts versions 4.1.0 through 4.2.1-21
XFree86-100dpi-fonts versions 4.1.0 through 4.2.1-21
XFree86-doc versions 4.1.0 through 4.2.1-21
XFree86-xfs versions 4.1.0 through 4.2.1-21
XFree86-Xnest versions 4.1.0 through 4.2.1-21
XFree86-Mesa-libGL versions 4.1.0 through 4.2.1-21
XFree86-Mesa-libGLU versions 4.1.0 through 4.2.1-21
XFree86-ISO8859-2-75dpi-fonts versions 4.1.0 through 4.2.1-21
XFree86-ISO8859-15-75dpi-fonts versions 4.1.0 through 4.2.1-21
XFree86-truetype-fonts versions 4.1.0 through 4.2.1-21
XFree86-base-fonts versions 4.1.0 through 4.2.1-21
XFree86-Xvfb versions 4.1.0 through 4.2.1-21
XFree86-xauth versions 4.1.0 through 4.2.1-21
XFree86-twm versions 4.1.0 through 4.2.1-21

Description

The issue affects multiple XFree86 packages in Red Hat Linux and allows remote exploitation that may lead to a breach of the confidentiality, integrity, and availability of protected information. According to MITRE, the xterm terminal emulator in XFree86 4.2.0 and earlier lets attackers modify the window title via a certain character escape sequence and then insert it back into the command line in the user's terminal. This could allow the attacker to execute arbitrary commands when the user views a file containing the malicious sequence.

Recommendations

As a temporary workaround, consider disabling the xterm terminal emulator until a patch is available. Restrict access to the vulnerable packages to minimize the risk of exploitation. Avoid using the affected versions of XFree86 until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

BDU:2015-08248
BDU:2015-08249
BDU:2015-08250
BDU:2015-08251
BDU:2015-08252
BDU:2015-08253
BDU:2015-08254
BDU:2015-08255
BDU:2015-08256
BDU:2015-08257
BDU:2015-08258
BDU:2015-08259
BDU:2015-08260
BDU:2015-08261
BDU:2015-08262
BDU:2015-08263
BDU:2015-08264
BDU:2015-08265
BDU:2015-08266
BDU:2015-08267
BDU:2015-08268
BDU:2015-08269
BDU:2015-08270
BDU:2015-08271
BDU:2015-08272
BDU:2015-08273
BDU:2015-08274
BDU:2015-08275
BDU:2015-08276
BDU:2015-08277
BDU:2015-08278
BDU:2015-08279
BDU:2015-08280
BDU:2015-08281
BDU:2015-08282
BDU:2015-08283
BDU:2015-08284
BDU:2015-08285
BDU:2015-08286
BDU:2015-08287
BDU:2015-08288
BDU:2015-08289
BDU:2015-08290
BDU:2015-08291
BDU:2015-08292
BDU:2015-08293
BDU:2015-08294
BDU:2015-08295
BDU:2015-08296
BDU:2015-08297
BDU:2015-08298
BDU:2015-08299
BDU:2015-08300
BDU:2015-08301
BDU:2015-08302
BDU:2015-08303
BDU:2015-08304
BDU:2015-08305
BDU:2015-08306
BDU:2015-08307
BDU:2015-08308
BDU:2015-08309
BDU:2015-08310
BDU:2015-08311
BDU:2015-08312
BDU:2015-08313
BDU:2015-08314
BDU:2015-08315
BDU:2015-08316
CVE-2003-0063
DSA-380

Affected Products

Red Hat
XFree86
Xterm