CVE Reference: CVE-2008-1845

NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE:
CVE-2008-1845

Description:
The Korn shell (aka mksh) before R33d on MirOS (aka MirBSD) does not flush the tty's I/O when invoking mksh in a new terminal, which allows local users to gain privileges by opening a virtual terminal and entering command sequences, which might later be executed in opportunistic circumstances by a different user who launches mksh and specifies that terminal with the -T option.

CVE Status:
Candidate

References:

XF
  http://xforce.iss.net/xforce/xfdb/41794

SAID
  Secunia Advisory: SA29803

OSVDB
  44365

CONFIRM
  http://www.mirbsd.org/mksh.htm#clog

BID
  28768


Return to the previous page.