Vulnerability Details CVE-2015-8971
Terminology 0.7.0 allows remote attackers to execute arbitrary commands via escape sequences that modify the window title and then are written to the terminal, a similar issue to CVE-2003-0063.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 69.7%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 4.6
References
- http://www.debian.org/security/2016/dsa-3712
- http://www.openwall.com/lists/oss-security/2016/11/04/12
- http://www.openwall.com/lists/oss-security/2016/11/04/15
- http://www.openwall.com/lists/oss-security/2016/11/07/1
- http://www.securityfocus.com/bid/94132
- https://git.enlightenment.org/apps/terminology.git/commit/?id=b80bedc7c21ecffe99d8d142930db696eebdd6a5
- http://www.debian.org/security/2016/dsa-3712
- http://www.openwall.com/lists/oss-security/2016/11/04/12
- http://www.openwall.com/lists/oss-security/2016/11/04/15
- http://www.openwall.com/lists/oss-security/2016/11/07/1
- http://www.securityfocus.com/bid/94132
- https://git.enlightenment.org/apps/terminology.git/commit/?id=b80bedc7c21ecffe99d8d142930db696eebdd6a5
Products affected by CVE-2015-8971
-
cpe:2.3:a:enlightenment:terminology:0.7.0
-
cpe:2.3:o:debian:debian_linux:8.0