CVE-2010-4176

2010-12-0722:00:00

Debian Security Bug Tracker

security-tracker.debian.org

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

53.3%

JSON

plymouth-pretrigger.sh in dracut and udev, when running on Fedora 13 and 14, sets weak permissions for the /dev/systty device file, which allows remote authenticated users to read terminal data from tty0 for local users.

OSVersionArchitecturePackageVersionFilename
Debian12alldracut< 059-4dracut_059-4_all.deb
Debian11alldracut< 051-1dracut_051-1_all.deb
Debian10alldracut< 048+80-2dracut_048+80-2_all.deb
Debian999alldracut< 060+5-1dracut_060+5-1_all.deb
Debian13alldracut< 060+5-1dracut_060+5-1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	dracut	< 059-4	dracut_059-4_all.deb
Debian	11	all	dracut	< 051-1	dracut_051-1_all.deb
Debian	10	all	dracut	< 048+80-2	dracut_048+80-2_all.deb
Debian	999	all	dracut	< 060+5-1	dracut_060+5-1_all.deb
Debian	13	all	dracut	< 060+5-1	dracut_060+5-1_all.deb