CVE-2015-8971
Severity: high
CVSS v3: 7.8
CVSS v2: 4.6
VIR risk: 7.8
Description
Terminology 0.7.0 allows remote attackers to execute arbitrary commands via escape sequences that modify the window title and then are written to the terminal, a similar issue to CVE-2003-0063.
Predictions
Exploit likelihood: 75%
Patch ETA: —
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2015-8971
Vendor advisory: cve@mitre.org — https://git.enlightenment.org/apps/terminology.git/commit/?id=b80bedc7c21ecffe99d8d142930db696eebdd6a5
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| debian | 8.0 | affected | |
| debian | bookworm | fixed | 0.7.0-2 |
| debian | bullseye | fixed | 0.7.0-2 |
| debian | forky | fixed | 0.7.0-2 |
| debian | sid | fixed | 0.7.0-2 |
| debian | trixie | fixed | 0.7.0-2 |
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| enlightenment | terminology | 0.7.0 | |
References
- http://www.debian.org/security/2016/dsa-3712
- http://www.openwall.com/lists/oss-security/2016/11/04/12
- http://www.openwall.com/lists/oss-security/2016/11/04/15
- http://www.openwall.com/lists/oss-security/2016/11/07/1
- http://www.securityfocus.com/bid/94132
- https://git.enlightenment.org/apps/terminology.git/commit/?id=b80bedc7c21ecffe99d8d142930db696eebdd6a5
- https://security-tracker.debian.org/tracker/CVE-2015-8971
CWEs
CWE-77