Vulnerability Description
The terminal_helper_execute function in terminal/terminal.c in Xfce Terminal 0.2.6 allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in a crafted link, as demonstrated using the "Open Link" functionality.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Os-Cillation | Xfce Terminal | 0.2.6 |
References
- http://bugs.gentoo.org/show_bug.cgi?id=184886
- http://osvdb.org/38082
- http://secunia.com/advisories/26037Vendor Advisory
- http://secunia.com/advisories/26392
- http://secunia.com/advisories/26418
- http://secunia.com/advisories/27374
- http://security.gentoo.org/glsa/glsa-200708-07.xml
- http://www.debian.org/security/2007/dsa-1393
- http://www.securityfocus.com/bid/24889
- http://www.ubuntu.com/usn/usn-497-1
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35379
- http://bugs.gentoo.org/show_bug.cgi?id=184886
- http://osvdb.org/38082
- http://secunia.com/advisories/26037Vendor Advisory
- http://secunia.com/advisories/26392
FAQ
What is CVE-2007-3770?
CVE-2007-3770 is a vulnerability with a CVSS score of 7.8 (HIGH). The terminal_helper_execute function in terminal/terminal.c in Xfce Terminal 0.2.6 allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in a crafted link, as de...
How severe is CVE-2007-3770?
CVE-2007-3770 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-3770?
Check the references section above for vendor advisories and patch information. Affected products include: Os-Cillation Xfce Terminal.