CVE-2006-5969

Name of the Vulnerable Software and Affected Versions: fvwm versions prior to 2.5.18

Description: The issue concerns a CRLF injection vulnerability in the evalFolderLine function, allowing local users to execute arbitrary commands via carriage returns in a directory name. This is not properly handled by fvwm-menu-directory. The exploitation of this vulnerability can lead to a breach of confidentiality, integrity, and availability of protected information. It can be exploited locally.

Recommendations: For versions prior to 2.5.18, update to version 2.5.18 or later to resolve the issue. As a temporary workaround, consider restricting the use of the evalFolderLine function until a patch is available. Avoid using directory names with carriage returns in the affected fvwm-menu-directory to minimize the risk of exploitation.