CVE-2006-5969 - Unspecified vulnerability in Fvwm
Attack vector | UNKNOWN |
Attack complexity | UNKNOWN |
Privileges required | UNKNOWN |
Confidentiality impact | UNKNOWN |
Integrity impact | UNKNOWN |
Availability impact | UNKNOWN |
fvwm
nessus
Summary
CRLF injection vulnerability in the evalFolderLine function in fvwm 2.5.18 and earlier allows local users to execute arbitrary commands via carriage returns in a directory name, which is not properly handled by fvwm-menu-directory, a variant of CVE-2003-1308.
Nessus
NASL family | Gentoo Local Security Checks |
NASL id | GENTOO_GLSA-200611-17.NASL |
description | The remote host is affected by the vulnerability described in GLSA-200611-17 (fvwm: fvwm-menu-directory fvwm command injection) Tavis Ormandy of the Gentoo Linux Security Audit Team discovered that fvwm-menu-directory does not sufficiently sanitise directory names prior to generating menus. Impact : A local attacker who can convince an fvwm-menu-directory user to browse a directory they control could cause fvwm commands to be executed with the privileges of the fvwm user. Fvwm commands can be used to execute arbitrary shell commands. Workaround : There is no known workaround at this time. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 23725 |
published | 2006-11-27 |
reporter | This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/23725 |
title | GLSA-200611-17 : fvwm: fvwm-menu-directory fvwm command injection |
Statements
contributor | Mark J Cox |
lastmodified | 2006-11-22 |
organization | Red Hat |
statement | Not vulnerable. Red Hat Enterprise Linux 2.1 shipped with fvwm, however this issue does not affect the included version of fvwm. |
References
- http://www.gentoo-portage.com/x11-wm/fvwm/ChangeLog
- http://thread.gmane.org/gmane.comp.window-managers.fvwm.devel/2419/focus=2419
- http://secunia.com/advisories/22961
- http://www.gentoo.org/security/en/glsa/glsa-200611-17.xml
- http://secunia.com/advisories/23089
- https://exchange.xforce.ibmcloud.com/vulnerabilities/30452