CVE-2010-4176
8.5 High
AI Score
Confidence
High
4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
0.002 Low
EPSS
Percentile
53.3%
plymouth-pretrigger.sh in dracut and udev, when running on Fedora 13 and 14, sets weak permissions for the /dev/systty device file, which allows remote authenticated users to read terminal data from tty0 for local users.
| CPE | Name | Operator | Version |
|---|---|---|---|
| dracut_project:dracut | dracut project dracut | eq | - |
| udev_project:udev | udev project udev | eq | - |
References
lists.fedoraproject.org/pipermail/package-announce/2010-December/051755.html
lists.fedoraproject.org/pipermail/package-announce/2010-November/051418.html
secunia.com/advisories/42342
secunia.com/advisories/42451
www.securityfocus.com/bid/45046
www.vupen.com/english/advisories/2010/3062
www.vupen.com/english/advisories/2010/3110
bugzilla.redhat.com/show_bug.cgi?id=654489
bugzilla.redhat.com/show_bug.cgi?id=654935
Related
8.5 High
AI Score
Confidence
High
4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
0.002 Low
EPSS
Percentile
53.3%