xterm Local User Deterministic Unauthorized Access

2007.08.28
Risk: Medium
Local: Yes
Remote: No
CWE: CWE-Other


CVSS Base Score: 2.1/10
Impact Subscore: 2.9/10
Exploitability Subscore: 3.9/10
Exploit range: Local
Attack complexity: Low
Authentication: No required
Confidentiality impact: None
Integrity impact: Partial
Availability impact: None

rPath Security Advisory: 2007-0169-1 Published: 2007-08-23 Products: rPath Linux 1 Rating: Major Exposure Level Classification: Local User Deterministic Unauthorized Access Updated Versions: xterm=/conary.rpath.com@rpl:devel//1/202-5.3-1 References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2797 https://issues.rpath.com/browse/RPL-1396 Description: Previous versions of the xterm package assigned incorrect ownership and write permissions to pseudo-terminal devices, permitting local users to direct output to other users' xterm sessions. Due to xterm's extensive internal processing of escape sequences, this also permits unauthorized modification of xterm session behavior. Copyright 2007 rPath, Inc. This file is distributed under the terms of the MIT License. A copy is available at http://www.rpath.com/permanent/mit-license.html


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top