The default configuration of xterm on Debian GNU/Linux sid and possibly Ubuntu enables the allowWindowOps resource, which allows user-assisted attackers to execute arbitrary code or have unspecified other impact via escape sequences.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Xterm | Invisible-island | nil (including) | nil (including) |
Xterm | Ubuntu | dapper | * |
Xterm | Ubuntu | gutsy | * |
Xterm | Ubuntu | hardy | * |
Xterm | Ubuntu | intrepid | * |