Vulnerability Description
CRLF injection vulnerability in the evalFolderLine function in fvwm 2.5.18 and earlier allows local users to execute arbitrary commands via carriage returns in a directory name, which is not properly handled by fvwm-menu-directory, a variant of CVE-2003-1308.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Fvwm | Fvwm | <= 2.5.18 |
References
- http://secunia.com/advisories/22961
- http://secunia.com/advisories/23089
- http://thread.gmane.org/gmane.comp.window-managers.fvwm.devel/2419/focus=2419
- http://www.gentoo-portage.com/x11-wm/fvwm/ChangeLog (URL Repurposed)
- http://www.gentoo.org/security/en/glsa/glsa-200611-17.xml
- https://exchange.xforce.ibmcloud.com/vulnerabilities/30452
FAQ
What is CVE-2006-5969?
CVE-2006-5969 is a vulnerability with a CVSS score of 4.6 (MEDIUM). CRLF injection vulnerability in the evalFolderLine function in fvwm 2.5.18 and earlier allows local users to execute arbitrary commands via carriage returns in a directory name, which is not properly ...
How severe is CVE-2006-5969?
CVE-2006-5969 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2006-5969?
Check the references section above for vendor advisories and patch information. Affected products include: Fvwm Fvwm.