CVE-2003-0068
eterm - missing input sanitising
EPSS 0.67%
描述
The Eterm terminal emulator 0.9.1 and earlier allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands.
如何修補 CVE-2003-0068
要修補 CVE-2003-0068,請將受影響套件升級到下列已修補版本。
- Debian/eterm—升級至 0.9.2-6 或更新版本
- Debian/eterm—升級至 0.9.2-0pre2002042903.3 或更新版本
CVE-2003-0068 正在被利用嗎?
低 — EPSS 為 0.7%,目前沒有觀察到大規模利用活動。
受影響套件(2)
- from 0, < 0.9.2-6
- from 0, < 0.9.2-0pre2002042903.3