| Vulnerability Name: | CVE-2008-1692 (CCN-41539) | ||||||||
| Assigned: | 2008-03-28 | ||||||||
| Published: | 2008-03-28 | ||||||||
| Updated: | 2009-02-26 | ||||||||
| Summary: | Eterm 0.9.4 opens a terminal window on :0 if -display is not specified and the DISPLAY environment variable is not set, which might allow local users to hijack X11 connections. Note: realistic attack scenarios require that the victim enters a command on the wrong machine. | ||||||||
| CVSS v3 Severity: | 5.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||
| CVSS v2 Severity: | 6.9 Medium (CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C) 5.1 Medium (Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
3.4 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-264 | ||||||||
| Vulnerability Consequences: | Gain Privileges | ||||||||
| References: | Source: CCN Type: gmane Security Advisory, 2008-03-06 21:05:14 GMT Attack vector exploiting rxvt defaulting to :0 Source: CCN Type: Debian Bug report logs - #473127 eterm: opens window on unspecified display Source: MISC Type: UNKNOWN http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=473127 Source: MITRE Type: CNA CVE-2008-1142 Source: MITRE Type: CNA CVE-2008-1692 Source: CCN Type: SA29576 rxvt X11 Display Security Issue Source: CCN Type: SA29577 Eterm X11 Display Security Issue Source: SECUNIA Type: Vendor Advisory 29577 Source: CCN Type: SA30224 rxvt-unicode X11 Display Security Issue Source: CCN Type: SA30225 aterm X11 Display Security Issue Source: CCN Type: SA30226 wterm X11 Display Security Issue Source: CCN Type: SA30227 mrxvt X11 Display Security Issue Source: GENTOO Type: UNKNOWN GLSA-200805-03 Source: CCN Type: Eterm Web site Eterm.Org Source: MANDRIVA Type: UNKNOWN MDVSA-2008:222 Source: CCN Type: OSVDB ID: 43902 rxvt X11 :0 Default Display Local Privilege Escalation Source: CCN Type: OSVDB ID: 43903 Eterm X11 :0 Default Display Local Privilege Escalation Source: CCN Type: OSVDB ID: 45081 aterm X11 :0 Default Display Local Privilege Escalation Source: CCN Type: OSVDB ID: 45082 mrxvt X11 :0 Default Display Local Privilege Escalation Source: CCN Type: OSVDB ID: 45083 rxvt-unicode X11 :0 Default Display Local Privilege Escalation Source: CCN Type: OSVDB ID: 45084 wterm X11 :0 Default Display Local Privilege Escalation Source: CCN Type: rxvt Web site ouR eXtended Virtual Terminal Source: BID Type: UNKNOWN 28512 Source: CCN Type: BID-28512 Multiple X11 Terminals Missing DISPLAY Variable Local Arbitrary Command Execution Vulnerability Source: XF Type: UNKNOWN terminalemulator-x11-privilege-escalation(41539) Source: SUSE Type: SUSE-SR:2008:017 SUSE Security Summary Report | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||