We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.
Please see our statement on Data Privacy.
The xterm terminal emulator in XFree86 4.2.0 and earlier allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands.
Reserved 2003-02-04 | Published 2004-09-01 | Updated 2024-10-29 | Assigner mitrewww.debian.org/security/2003/dsa-380 (DSA-380)
www.redhat.com/support/errata/RHSA-2003-067.html (RHSA-2003:067)
www.redhat.com/support/errata/RHSA-2003-066.html (RHSA-2003:066)
marc.info/?l=bugtraq&m=104612710031920&w=2 (20030224 Terminal Emulator Security Issues)
www.redhat.com/support/errata/RHSA-2003-064.html (RHSA-2003:064)
www.redhat.com/support/errata/RHSA-2003-065.html (RHSA-2003:065)
www.securityfocus.com/bid/6940 (6940)
www.iss.net/security_center/static/11414.php (terminal-emulator-window-title(11414))
archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html (20030224 Terminal Emulator Security Issues)
www.openwall.com/lists/oss-security/2024/06/15/1 ([oss-security] 20240615 iTerm2 3.5.x title reporting bug)
Support options
