|
|
CVE Reference: CVE-2008-1142 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2008-1142 |
|
|
Description: rxvt 2.6.4 opens a terminal window on :0 if the DISPLAY environment variable is not set, which might allow local users to hijack X11 connections. NOTE: it was later reported that rxvt-unicode, mrxvt, aterm, multi-aterm, and wterm are also affected. NOTE: realistic attack scenarios require that the victim enters a command on the wrong machine. |
|
|
CVE Status: Candidate |
|
|
References: SUSE http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html SAID Secunia Advisory: SA30225 Secunia Advisory: SA30224 Secunia Advisory: SA29576 Secunia Advisory: SA30226 Secunia Advisory: SA30227 Secunia Advisory: SA30229 Secunia Advisory: SA31687 MISC http://article.gmane.org/gmane.comp.security.oss.general/122 MANDRIVA http://www.mandriva.com/security/advisories?name=MDVSA-2008:161 http://www.mandriva.com/security/advisories?name=MDVSA-2008:221 GENTOO http://security.gentoo.org/glsa/glsa-200805-03.xml CONFIRM http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=469296 BID 28512 |
|
| Return to the previous page. |
