Vulnerabilities > CVE-2003-1308 - Local Security vulnerability in FVWM

CVSS 4.6 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

local

low complexity

fvwm

exploit available

NVD

Published: 2003-12-31

Updated: 2008-09-05

Summary

CRLF injection vulnerability in fvwm-menu-directory for fvwm 2.5.x before 2.5.10 and 2.4.x before 2.4.18 allows local users to execute arbitrary commands via carriage returns in a filename.

Vulnerable Configurations

Part	Description	Count
Application	Fvwm Fvwm Fvwm *	1

Exploit-Db

description	FVWM 2.4/2.5 fvwm-menu-directory Command Execution Vulnerability. CVE-2003-1308 . Local exploit for linux platform
id	EDB-ID:23414
last seen	2016-02-02
modified	2003-12-05
published	2003-12-05
reporter	auto22238
source	https://www.exploit-db.com/download/23414/
title	FVWM 2.4/2.5 fvwm-menu-directory Command Execution Vulnerability

Statements

contributor	Mark J Cox
lastmodified	2006-11-22
organization	Red Hat
statement	Not vulnerable. Red Hat Enterprise Linux 2.1 shipped with fvwm, however this issue does not affect the included version of fvwm.

Summary

Vulnerable Configurations

Exploit-Db

Statements

References