CVE-2015-8971 - OpenCVE

Terminology 0.7.0 allows remote attackers to execute arbitrary commands via escape sequences that modify the window title and then are written to the terminal, a similar issue to CVE-2003-0063.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Debian	Debian Linux
Enlightenment	Terminology

Configuration 1 [-]

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:a:enlightenment:terminology:0.7.0:*:*:*:*:*:*:*

References

Link	Resource
http://www.debian.org/security/2016/dsa-3712	Third Party Advisory
http://www.openwall.com/lists/oss-security/2016/11/04/12	Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2016/11/04/15	Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2016/11/07/1	Mailing List Third Party Advisory
http://www.securityfocus.com/bid/94132	Third Party Advisory VDB Entry
https://git.enlightenment.org/apps/terminology.git/commit/?id=b80bedc7c21ecffe99d8d142930db696eebdd6a5	Issue Tracking Patch Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2017-01-23T21:00:00

Updated: 2017-01-24T14:57:01

Reserved: 2016-11-07T00:00:00

Link: CVE-2015-8971

JSON object: View

NVD Information

Status : Analyzed

Published: 2017-01-23T21:59:00.813

Modified: 2020-02-24T19:44:52.277

Link: CVE-2015-8971

JSON object: View

Redhat Information

No data.

CWE

CWE-77

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-11-04T00:00:00", "descriptions": [{"lang": "en", "value": "Terminology 0.7.0 allows remote attackers to execute arbitrary commands via escape sequences that modify the window title and then are written to the terminal, a similar issue to CVE-2003-0063."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-01-24T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "[oss-security] 20161104 Re: CVE request: Escape Sequence Command Execution vulnerability in Terminology 0.7", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2016/11/04/15"}, {"name": "94132", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/94132"}, {"name": "[oss-security] 20161104 CVE request: Escape Sequence Command Execution vulnerability in Terminology 0.7", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2016/11/04/12"}, {"name": "[oss-security] 20161107 Re: CVE request: Escape Sequence Command Execution vulnerability in Terminology 0.7", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2016/11/07/1"}, {"name": "DSA-3712", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2016/dsa-3712"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://git.enlightenment.org/apps/terminology.git/commit/?id=b80bedc7c21ecffe99d8d142930db696eebdd6a5"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-8971", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Terminology 0.7.0 allows remote attackers to execute arbitrary commands via escape sequences that modify the window title and then are written to the terminal, a similar issue to CVE-2003-0063."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "[oss-security] 20161104 Re: CVE request: Escape Sequence Command Execution vulnerability in Terminology 0.7", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/11/04/15"}, {"name": "94132", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94132"}, {"name": "[oss-security] 20161104 CVE request: Escape Sequence Command Execution vulnerability in Terminology 0.7", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/11/04/12"}, {"name": "[oss-security] 20161107 Re: CVE request: Escape Sequence Command Execution vulnerability in Terminology 0.7", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/11/07/1"}, {"name": "DSA-3712", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3712"}, {"name": "https://git.enlightenment.org/apps/terminology.git/commit/?id=b80bedc7c21ecffe99d8d142930db696eebdd6a5", "refsource": "CONFIRM", "url": "https://git.enlightenment.org/apps/terminology.git/commit/?id=b80bedc7c21ecffe99d8d142930db696eebdd6a5"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-8971", "datePublished": "2017-01-23T21:00:00", "dateReserved": "2016-11-07T00:00:00", "dateUpdated": "2017-01-24T14:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:enlightenment:terminology:0.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "1DC05BFD-4A00-48C0-8858-B5DAAAE1FCD7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Terminology 0.7.0 allows remote attackers to execute arbitrary commands via escape sequences that modify the window title and then are written to the terminal, a similar issue to CVE-2003-0063."}, {"lang": "es", "value": "Terminology 0.7.0 permite a atacantes remotos ejecutar comandos arbitrarios a trav\u00e9s de secuencias de escape que modifican el t\u00edtulo de la ventana y luego se escriben a el terminal, un problema similar a CVE-2003-0063."}], "id": "CVE-2015-8971", "lastModified": "2020-02-24T19:44:52.277", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-01-23T21:59:00.813", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2016/dsa-3712"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2016/11/04/12"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2016/11/04/15"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2016/11/07/1"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/94132"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://git.enlightenment.org/apps/terminology.git/commit/?id=b80bedc7c21ecffe99d8d142930db696eebdd6a5"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-77"}], "source": "nvd@nist.gov", "type": "Primary"}]}