[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248149

 
 

909

 
 

194803

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2008-1142Date: (C)2008-04-07   (M)2023-12-22


rxvt 2.6.4 opens a terminal window on :0 if the DISPLAY environment variable is not set, which might allow local users to hijack X11 connections. NOTE: it was later reported that rxvt-unicode, mrxvt, aterm, multi-aterm, and wterm are also affected. NOTE: realistic attack scenarios require that the victim enters a command on the wrong machine.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 3.7
Exploit Score: 1.9
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: HIGH
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
BID-28512
SECUNIA-29576
SECUNIA-30224
SECUNIA-30225
SECUNIA-30226
SECUNIA-30227
SECUNIA-30229
SECUNIA-31687
GLSA-200805-03
MDVSA-2008:161
MDVSA-2008:221
SUSE-SR:2008:017
http://article.gmane.org/gmane.comp.security.oss.general/122
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=469296

CWE    1
CWE-264
OVAL    2
oval:org.secpod.oval:def:3301103
oval:org.secpod.oval:def:301616

© SecPod Technologies