Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 3.7
CVE Id CVE-2008-1142
Last Modified 26 Feb 2009 12:00:00
Published 07 Apr 2008 01:44:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector LOCAL
Access Complexity HIGH
Authentication NONE

CVE-2008-1142

Summary

rxvt 2.6.4 opens a terminal window on :0 if the DISPLAY environment variable is not set, which might allow local users to hijack X11 connections. NOTE: it was later reported that rxvt-unicode, mrxvt, aterm, multi-aterm, and wterm are also affected. NOTE: realistic attack scenarios require that the victim enters a command on the wrong machine.

Vulnerable Systems

Application

  • Aterm 0.1.0

  • Aterm 0.1.1

  • Aterm 0.2.0

  • Aterm 0.3.0

  • Aterm 0.3.1

  • Aterm 0.3.2

  • Aterm 0.3.3

  • Aterm 0.3.4

  • Aterm 0.3.5

  • Aterm 0.3.6

  • Aterm 0.4.0

  • Aterm 0.4.1

  • Aterm 0.4.2

  • Aterm 1.0.0

  • Aterm 1.00

  • Eterm 0.9.2

  • Eterm 0.9.3

  • Mrxvt 0.4.2

  • Mrxvt 0.5.2

  • Multi-aterm 0.0.1

  • Multi-aterm 0.0.3

  • Multi-aterm 0.0.4

  • Multi-aterm 0.0.5

  • Multi-aterm 0.1

  • Multi-aterm 0.2

  • Rxvt 2.6.1

  • Rxvt 2.6.2

  • Rxvt 2.6.3

  • Rxvt 2.6.4

  • Rxvt 2.7.5

  • Rxvt 2.7.6

  • Rxvt 2.7.7

  • Rxvt 2.7.8

  • Rxvt 2.7.9

  • Rxvt-unicode 1.0

  • Rxvt-unicode 1.1

  • Rxvt-unicode 1.2

  • Rxvt-unicode 1.3

  • Rxvt-unicode 1.4

  • Rxvt-unicode 1.5

  • Rxvt-unicode 1.6

  • Rxvt-unicode 1.7

  • Rxvt-unicode 1.8

  • Rxvt-unicode 1.9

  • Rxvt-unicode 1.91

  • Rxvt-unicode 2.0

  • Rxvt-unicode 2.1

  • Rxvt-unicode 2.2

  • Rxvt-unicode 2.3

  • Rxvt-unicode 2.4

  • Rxvt-unicode 2.5

  • Rxvt-unicode 2.6

  • Rxvt-unicode 2.7

  • Rxvt-unicode 2.8

  • Rxvt-unicode 2.9

  • Rxvt-unicode 3.0

  • Rxvt-unicode 3.1

  • Rxvt-unicode 3.2

  • Rxvt-unicode 3.3

  • Rxvt-unicode 3.4

  • Rxvt-unicode 3.5

  • Rxvt-unicode 3.6

  • Rxvt-unicode 3.7

  • Rxvt-unicode 3.8

  • Rxvt-unicode 3.9

  • Rxvt-unicode 4.0

  • Rxvt-unicode 4.1

  • Rxvt-unicode 4.2

  • Rxvt-unicode 4.3

  • Rxvt-unicode 4.4

  • Rxvt-unicode 4.5

  • Rxvt-unicode 4.6

  • Rxvt-unicode 4.7

  • Rxvt-unicode 4.8

  • Rxvt-unicode 4.9

  • Rxvt-unicode 5.0

  • Rxvt-unicode 5.1

  • Rxvt-unicode 5.2

  • Rxvt-unicode 5.3

  • Rxvt-unicode 5.4

  • Rxvt-unicode 5.5

  • Rxvt-unicode 5.6

  • Rxvt-unicode 5.7

  • Rxvt-unicode 5.8

  • Rxvt-unicode 5.9

  • Rxvt-unicode 6.0

  • Rxvt-unicode 6.1

  • Rxvt-unicode 6.2

  • Rxvt-unicode 6.3

  • Rxvt-unicode 7.0

  • Rxvt-unicode 7.1

  • Rxvt-unicode 7.2

  • Rxvt-unicode 7.3

  • Rxvt-unicode 7.4

  • Rxvt-unicode 7.5

  • Rxvt-unicode 7.6

  • Rxvt-unicode 7.7

  • Rxvt-unicode 7.8

  • Rxvt-unicode 7.9

  • Rxvt-unicode 8.0

  • Rxvt-unicode 8.1

  • Rxvt-unicode 8.2

  • Rxvt-unicode 8.3

  • Rxvt-unicode 8.4

  • Rxvt-unicode 8.5

  • Rxvt-unicode 8.5a

  • Rxvt-unicode 8.6

  • Rxvt-unicode 8.7

  • Rxvt-unicode 8.8

  • Rxvt-unicode 8.9

  • Rxvt-unicode 9.0

  • Rxvt-unicode 9.01

  • Wterm 6.2.5

  • Wterm 6.2.6

  • Wterm 6.2.8a2


References

BID - 28512

MANDRIVA - MDVSA-2008:221

MANDRIVA - MDVSA-2008:161

GENTOO - GLSA-200805-03

SECUNIA - 31687

SECUNIA - 30229

SECUNIA - 30227

SECUNIA - 30226

SECUNIA - 30225

SECUNIA - 30224

SECUNIA - 29576

SUSE - SUSE-SR:2008:017

CONFIRM - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=469296

MISC - http://article.gmane.org/gmane.comp.security.oss.general/122


Last Updated: 27 May 2016 10:47:02