Vulnerability Details : CVE-2010-2713
The vte_sequence_handler_window_manipulation function in vteseq.c in libvte (aka libvte9) in VTE 0.25.1 and earlier, as used in gnome-terminal, does not properly handle escape sequences, which allows remote attackers to execute arbitrary commands or obtain potentially sensitive information via a (1) window title or (2) icon title sequence. NOTE: this issue exists because of a CVE-2003-0070 regression.
Exploit prediction scoring system (EPSS) score for CVE-2010-2713
Probability of exploitation activity in the next 30 days: 5.16%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 93 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2010-2713
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
6.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
8.6
|
6.4
|
NIST |
References for CVE-2010-2713
-
http://git.gnome.org/browse/vte/commit/?id=8b971a7b2c59902914ecbbc3915c45dd21530a91
Fix terminal title reporting (8b971a7b) · Commits · GNOME / vte · GitLabExploit;Patch
-
https://bugzilla.redhat.com/show_bug.cgi?id=613110
613110 – (CVE-2010-2713) CVE-2010-2713 vte: responds to get window title escape sequence request
-
http://www.securityfocus.com/bid/41716
VTE Window and Icon Title Remote Code Execution Vulnerability
-
http://www.vupen.com/english/advisories/2010/1839
Webmail | OVH- OVHVendor Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html
[security-announce] SUSE Security Summary Report: SUSE-SR:2010:014
-
http://www.ubuntu.com/usn/usn-962-1
USN-962-1: VTE vulnerability | Ubuntu security notices
Products affected by CVE-2010-2713
- cpe:2.3:a:nalin_dahyabhai:vte:*:*:*:*:*:*:*:*When used together with: Gnome » Gnome-terminal
- cpe:2.3:a:nalin_dahyabhai:vte:0.17.4:*:*:*:*:*:*:*When used together with: Gnome » Gnome-terminal
- cpe:2.3:a:nalin_dahyabhai:vte:0.20.5:*:*:*:*:*:*:*When used together with: Gnome » Gnome-terminal
- cpe:2.3:a:nalin_dahyabhai:vte:0.22.5:*:*:*:*:*:*:*When used together with: Gnome » Gnome-terminal
- cpe:2.3:a:nalin_dahyabhai:vte:0.12.2:*:*:*:*:*:*:*When used together with: Gnome » Gnome-terminal
- cpe:2.3:a:nalin_dahyabhai:vte:0.24.3:*:*:*:*:*:*:*When used together with: Gnome » Gnome-terminal
- cpe:2.3:a:nalin_dahyabhai:vte:0.14.2:*:*:*:*:*:*:*When used together with: Gnome » Gnome-terminal
- cpe:2.3:a:nalin_dahyabhai:vte:0.16.14:*:*:*:*:*:*:*When used together with: Gnome » Gnome-terminal
- cpe:2.3:a:nalin_dahyabhai:vte:0.11.21:*:*:*:*:*:*:*When used together with: Gnome » Gnome-terminal
- cpe:2.3:a:nalin_dahyabhai:vte:0.15.0:*:*:*:*:*:*:*When used together with: Gnome » Gnome-terminal