NVD

Id
14162  
Name
CVE-2010-2713  
Description
The vte_sequence_handler_window_manipulation function in vteseq.c in libvte (aka libvte9) in VTE 0.25.1 and earlier, as used in gnome-terminal, does not properly handle escape sequences, which allows remote attackers to execute arbitrary commands or obtain potentially sensitive information via a (1) window title or (2) icon title sequence. NOTE: this issue exists because of a CVE-2003-0070 regression.  
Reject
 
CVSS Version
2  
CVSS Score
6.8  
Severity
Medium  
CVSS Base Score
6.8  
CVSS Impact Subscore
6.4  
CVSS Exploit Subscore
8.6  
CVSS Vector
(AV:N/AC:M/Au:N/C:P/I:P/A:P)  
Pub Date
2017-01-18  
Published
2010-08-05  
Modified Date
2010-09-09  
Seq
2010-2713  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
78306 14162 CVE-2010-2713 http://git.gnome.org/browse/vte/commit/?id=8b971a7b2c59902914ecbbc3915c45dd21530a91  View
78307 14162 CVE-2010-2713 SUSE-SR:2010:014  View
78308 14162 CVE-2010-2713 41716  View
78309 14162 CVE-2010-2713 USN-962-1  View
78310 14162 CVE-2010-2713 ADV-2010-1839  View
78311 14162 CVE-2010-2713 https://bugzilla.redhat.com/show_bug.cgi?id=613110  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
39169 JVNDB-2010-004954 VTE の vte_sequence_handler_window_manipulation 関数における任意のコマンドを実行される脆弱性 VTE の libvte の vteseq.c の vte_sequence_handler_window_manipulation 関数は、gnome-terminal で使用されている際、エスケープシーケンスを適切に処理しないため、任意のコマンドを実行される、または重要な情報を取得される脆弱性が存在します。 CVE-2010-2713 45293 CVE-2010-2713 14162 6.8 http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-004954.html 2010-08-05 2012-09-25 View