Vulnerabilities > CVE-2003-1308 - Local Security vulnerability in FVWM
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
CRLF injection vulnerability in fvwm-menu-directory for fvwm 2.5.x before 2.5.10 and 2.4.x before 2.4.18 allows local users to execute arbitrary commands via carriage returns in a filename.
Exploit-Db
description | FVWM 2.4/2.5 fvwm-menu-directory Command Execution Vulnerability. CVE-2003-1308 . Local exploit for linux platform |
id | EDB-ID:23414 |
last seen | 2016-02-02 |
modified | 2003-12-05 |
published | 2003-12-05 |
reporter | auto22238 |
source | https://www.exploit-db.com/download/23414/ |
title | FVWM 2.4/2.5 fvwm-menu-directory Command Execution Vulnerability |
Statements
contributor | Mark J Cox |
lastmodified | 2006-11-22 |
organization | Red Hat |
statement | Not vulnerable. Red Hat Enterprise Linux 2.1 shipped with fvwm, however this issue does not affect the included version of fvwm. |