Local User Vulnerability in rxvt and Similar Terminal Emulators by Vender 'rxvt'
CVE-2008-1142

Currently unrated

Key Information:

Vendor: Rxvt-unicode
Status: Rxvt-unicode; Aterm; Rxvt; Multi-aterm
Vendor: CVE Published:; 7 April 2008

🔔 Create Rxvt-unicode Vulnerability Alert

What is CVE-2008-1142?

The rxvt terminal emulator version 2.6.4 contains a security flaw that enables local users to potentially hijack X11 connections. When the DISPLAY environment variable is not set, the application opens a terminal window on display :0, which exposes the system to risks of command execution by unauthorized users. Attack scenarios necessitate specific conditions, such as the victim executing commands incorrectly on a compromised machine, leading to particularly concerning security implications for system integrity.

References

http://lists.opensuse.org/opensuse-security-announce/2008...

vendor-advisoryx_refsource_SUSE

http://article.gmane.org/gmane.comp.security.oss.general/122

x_refsource_MISC

http://secunia.com/advisories/30226

third-party-advisoryx_refsource_SECUNIA

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 7, 2008
Vulnerability Reserved
Mar 4, 2008