CVE-2007-3770

The terminal_helper_execute function in terminal/terminal.c in Xfce Terminal 0.2.6 allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in a crafted link, as demonstrated using the "Open Link" functionality.

CVSS v2.0 7.8 HIGH

7.8^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:M/Au:N/C:C/I:P/A:N

Exploitability : 8.6 / Impact : 7.8

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://bugs.gentoo.org/show_bug.cgi?id=184886
http://osvdb.org/38082
http://secunia.com/advisories/26037	Vendor Advisory
http://secunia.com/advisories/26392
http://secunia.com/advisories/26418
http://secunia.com/advisories/27374
http://security.gentoo.org/glsa/glsa-200708-07.xml
http://www.debian.org/security/2007/dsa-1393
http://www.securityfocus.com/bid/24889
http://www.ubuntu.com/usn/usn-497-1
https://exchange.xforce.ibmcloud.com/vulnerabilities/35379
http://bugs.gentoo.org/show_bug.cgi?id=184886
http://osvdb.org/38082
http://secunia.com/advisories/26037	Vendor Advisory
http://secunia.com/advisories/26392
http://secunia.com/advisories/26418
http://secunia.com/advisories/27374
http://security.gentoo.org/glsa/glsa-200708-07.xml
http://www.debian.org/security/2007/dsa-1393
http://www.securityfocus.com/bid/24889
http://www.ubuntu.com/usn/usn-497-1
https://exchange.xforce.ibmcloud.com/vulnerabilities/35379

Configurations

Configuration 1 (hide)

cpe:2.3:a:os-cillation:xfce_terminal:0.2.6:*:*:*:*:*:*:*

History

21 Nov 2024, 00:34

Type	Values Removed	Values Added
References	~~() http://bugs.gentoo.org/show_bug.cgi?id=184886 -~~	() http://bugs.gentoo.org/show_bug.cgi?id=184886 -
References	~~() http://osvdb.org/38082 -~~	() http://osvdb.org/38082 -
References	~~() http://secunia.com/advisories/26037 - Vendor Advisory~~	() http://secunia.com/advisories/26037 - Vendor Advisory
References	~~() http://secunia.com/advisories/26392 -~~	() http://secunia.com/advisories/26392 -
References	~~() http://secunia.com/advisories/26418 -~~	() http://secunia.com/advisories/26418 -
References	~~() http://secunia.com/advisories/27374 -~~	() http://secunia.com/advisories/27374 -
References	~~() http://security.gentoo.org/glsa/glsa-200708-07.xml -~~	() http://security.gentoo.org/glsa/glsa-200708-07.xml -
References	~~() http://www.debian.org/security/2007/dsa-1393 -~~	() http://www.debian.org/security/2007/dsa-1393 -
References	~~() http://www.securityfocus.com/bid/24889 -~~	() http://www.securityfocus.com/bid/24889 -
References	~~() http://www.ubuntu.com/usn/usn-497-1 -~~	() http://www.ubuntu.com/usn/usn-497-1 -
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/35379 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/35379 -

Information

Published : 2007-07-15 21:30

Updated : 2024-11-21 00:34

NVD link : CVE-2007-3770

Mitre link : CVE-2007-3770

CVE.ORG link : CVE-2007-3770

JSON object : View

Products Affected

os-cillation

xfce_terminal

CWE

NVD-CWE-Other

7.8 /10