Lucene search
HistoryApr 07, 2008 - 5:44 p.m.
CVE-2008-1142
CVSS2
3.7
Attack Vector
LOCAL
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:H/Au:N/C:P/I:P/A:P
AI Score
8.4
Confidence
High
EPSS
0
Percentile
10.1%
rxvt 2.6.4 opens a terminal window on :0 if the DISPLAY environment variable is not set, which might allow local users to hijack X11 connections. NOTE: it was later reported that rxvt-unicode, mrxvt, aterm, multi-aterm, and wterm are also affected. NOTE: realistic attack scenarios require that the victim enters a command on the wrong machine.
Affected configurations
Node
atermatermRangeβ€1.0.0
ORatermatermMatch0.1.0
ORatermatermMatch0.1.1
ORatermatermMatch0.2.0
ORatermatermMatch0.3.0
ORatermatermMatch0.3.1
ORatermatermMatch0.3.2
ORatermatermMatch0.3.3
ORatermatermMatch0.3.4
ORatermatermMatch0.3.5
ORatermatermMatch0.3.6
ORatermatermMatch0.4.0
ORatermatermMatch0.4.1
ORatermatermMatch0.4.2
ORatermatermMatch1.00beta1
ORatermatermMatch1.00beta2
ORatermatermMatch1.00beta3
ORatermatermMatch1.00beta4
ORetermetermRangeβ€0.9.3
ORetermetermMatch0.9.2
ORmrxvtmrxvtRangeβ€0.5.2
ORmrxvtmrxvtMatch0.4.2
ORmulti-atermmulti-atermRangeβ€0.2
ORmulti-atermmulti-atermMatch0.0.1
ORmulti-atermmulti-atermMatch0.0.3
ORmulti-atermmulti-atermMatch0.0.4
ORmulti-atermmulti-atermMatch0.0.5
ORmulti-atermmulti-atermMatch0.1
ORrxvtrxvtRangeβ€2.7.9
ORrxvtrxvtMatch2.6.1
ORrxvtrxvtMatch2.6.2
ORrxvtrxvtMatch2.6.3
ORrxvtrxvtMatch2.6.4
ORrxvtrxvtMatch2.7.5
ORrxvtrxvtMatch2.7.6
ORrxvtrxvtMatch2.7.7
ORrxvtrxvtMatch2.7.8
ORrxvt-unicoderxvt-unicodeRangeβ€9.01
ORrxvt-unicoderxvt-unicodeMatch1.0
ORrxvt-unicoderxvt-unicodeMatch1.1
ORrxvt-unicoderxvt-unicodeMatch1.2
ORrxvt-unicoderxvt-unicodeMatch1.3
ORrxvt-unicoderxvt-unicodeMatch1.4
ORrxvt-unicoderxvt-unicodeMatch1.5
ORrxvt-unicoderxvt-unicodeMatch1.6
ORrxvt-unicoderxvt-unicodeMatch1.7
ORrxvt-unicoderxvt-unicodeMatch1.8
ORrxvt-unicoderxvt-unicodeMatch1.9
ORrxvt-unicoderxvt-unicodeMatch1.91
ORrxvt-unicoderxvt-unicodeMatch2.0
ORrxvt-unicoderxvt-unicodeMatch2.1
ORrxvt-unicoderxvt-unicodeMatch2.2
ORrxvt-unicoderxvt-unicodeMatch2.3
ORrxvt-unicoderxvt-unicodeMatch2.4
ORrxvt-unicoderxvt-unicodeMatch2.5
ORrxvt-unicoderxvt-unicodeMatch2.6
ORrxvt-unicoderxvt-unicodeMatch2.7
ORrxvt-unicoderxvt-unicodeMatch2.8
ORrxvt-unicoderxvt-unicodeMatch2.9
ORrxvt-unicoderxvt-unicodeMatch3.0
ORrxvt-unicoderxvt-unicodeMatch3.1
ORrxvt-unicoderxvt-unicodeMatch3.2
ORrxvt-unicoderxvt-unicodeMatch3.3
ORrxvt-unicoderxvt-unicodeMatch3.4
ORrxvt-unicoderxvt-unicodeMatch3.5
ORrxvt-unicoderxvt-unicodeMatch3.6
ORrxvt-unicoderxvt-unicodeMatch3.7
ORrxvt-unicoderxvt-unicodeMatch3.8
ORrxvt-unicoderxvt-unicodeMatch3.9
ORrxvt-unicoderxvt-unicodeMatch4.0
ORrxvt-unicoderxvt-unicodeMatch4.1
ORrxvt-unicoderxvt-unicodeMatch4.2
ORrxvt-unicoderxvt-unicodeMatch4.3
ORrxvt-unicoderxvt-unicodeMatch4.4
ORrxvt-unicoderxvt-unicodeMatch4.5
ORrxvt-unicoderxvt-unicodeMatch4.6
ORrxvt-unicoderxvt-unicodeMatch4.7
ORrxvt-unicoderxvt-unicodeMatch4.8
ORrxvt-unicoderxvt-unicodeMatch4.9
ORrxvt-unicoderxvt-unicodeMatch5.0
ORrxvt-unicoderxvt-unicodeMatch5.1
ORrxvt-unicoderxvt-unicodeMatch5.2
ORrxvt-unicoderxvt-unicodeMatch5.3
ORrxvt-unicoderxvt-unicodeMatch5.4
ORrxvt-unicoderxvt-unicodeMatch5.5
ORrxvt-unicoderxvt-unicodeMatch5.6
ORrxvt-unicoderxvt-unicodeMatch5.7
ORrxvt-unicoderxvt-unicodeMatch5.8
ORrxvt-unicoderxvt-unicodeMatch5.9
ORrxvt-unicoderxvt-unicodeMatch6.0
ORrxvt-unicoderxvt-unicodeMatch6.1
ORrxvt-unicoderxvt-unicodeMatch6.2
ORrxvt-unicoderxvt-unicodeMatch6.3
ORrxvt-unicoderxvt-unicodeMatch7.0
ORrxvt-unicoderxvt-unicodeMatch7.1
ORrxvt-unicoderxvt-unicodeMatch7.2
ORrxvt-unicoderxvt-unicodeMatch7.3
ORrxvt-unicoderxvt-unicodeMatch7.4
ORrxvt-unicoderxvt-unicodeMatch7.5
ORrxvt-unicoderxvt-unicodeMatch7.6
ORrxvt-unicoderxvt-unicodeMatch7.7
ORrxvt-unicoderxvt-unicodeMatch7.8
ORrxvt-unicoderxvt-unicodeMatch7.9
ORrxvt-unicoderxvt-unicodeMatch8.0
ORrxvt-unicoderxvt-unicodeMatch8.1
ORrxvt-unicoderxvt-unicodeMatch8.2
ORrxvt-unicoderxvt-unicodeMatch8.3
ORrxvt-unicoderxvt-unicodeMatch8.4
ORrxvt-unicoderxvt-unicodeMatch8.5
ORrxvt-unicoderxvt-unicodeMatch8.5a
ORrxvt-unicoderxvt-unicodeMatch8.6
ORrxvt-unicoderxvt-unicodeMatch8.7
ORrxvt-unicoderxvt-unicodeMatch8.8
ORrxvt-unicoderxvt-unicodeMatch8.9
ORrxvt-unicoderxvt-unicodeMatch9.0
ORwtermwtermRangeβ€6.2.8a2
ORwtermwtermMatch6.2.5
ORwtermwtermMatch6.2.6
| Vendor | Product | Version | CPE |
|---|---|---|---|
| aterm | aterm | * | cpe:2.3:a:aterm:aterm:*:*:*:*:*:*:*:* |
| aterm | aterm | 0.1.0 | cpe:2.3:a:aterm:aterm:0.1.0:*:*:*:*:*:*:* |
| aterm | aterm | 0.1.1 | cpe:2.3:a:aterm:aterm:0.1.1:*:*:*:*:*:*:* |
| aterm | aterm | 0.2.0 | cpe:2.3:a:aterm:aterm:0.2.0:*:*:*:*:*:*:* |
| aterm | aterm | 0.3.0 | cpe:2.3:a:aterm:aterm:0.3.0:*:*:*:*:*:*:* |
| aterm | aterm | 0.3.1 | cpe:2.3:a:aterm:aterm:0.3.1:*:*:*:*:*:*:* |
| aterm | aterm | 0.3.2 | cpe:2.3:a:aterm:aterm:0.3.2:*:*:*:*:*:*:* |
| aterm | aterm | 0.3.3 | cpe:2.3:a:aterm:aterm:0.3.3:*:*:*:*:*:*:* |
| aterm | aterm | 0.3.4 | cpe:2.3:a:aterm:aterm:0.3.4:*:*:*:*:*:*:* |
| aterm | aterm | 0.3.5 | cpe:2.3:a:aterm:aterm:0.3.5:*:*:*:*:*:*:* |
References
article.gmane.org/gmane.comp.security.oss.general/122
bugs.debian.org/cgi-bin/bugreport.cgi?bug=469296
lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html
secunia.com/advisories/29576
secunia.com/advisories/30224
secunia.com/advisories/30225
secunia.com/advisories/30226
secunia.com/advisories/30227
secunia.com/advisories/30229
secunia.com/advisories/31687
security.gentoo.org/glsa/glsa-200805-03.xml
www.mandriva.com/security/advisories?name=MDVSA-2008:161
www.mandriva.com/security/advisories?name=MDVSA-2008:221
www.securityfocus.com/bid/28512
Related
cvelist
cvelist
CVE-2008-1142
2008-04-07 17:00:00
nessus
nessus
Mandriva Linux Security Advisory : rxvt (MDVSA-2008:161)
2009-04-23 00:00:00
openSUSE Security Update : rxvt-unicode (rxvt-unicode-163)
2009-07-21 00:00:00
openSUSE 10 Security Update : rxvt-unicode (rxvt-unicode-5541)
2008-08-24 00:00:00
cve
cve
CVE-2008-1142
2008-04-07 17:44:00
debiancve
debiancve
CVE-2008-1142
2008-04-07 17:44:00
openvas
openvas
Mandriva Update for rxvt MDVSA-2008:161 (rxvt)
2009-04-09 00:00:00
Mandriva Update for rxvt MDVSA-2008:161 (rxvt)
2009-04-09 00:00:00
prion
prion
Code injection
2008-04-07 17:44:00
ubuntucve
ubuntucve
CVE-2008-1142
2008-04-07 00:00:00
securityvulns
securityvulns
Multiple terminal clients X sessions hijack
2008-05-08 00:00:00
[ GLSA 200805-03 ] Multiple X11 terminals: Local privilege escalation
2008-05-08 00:00:00
osv
osv
rxvt-unicode-9.22-1.1 on GA media
2024-06-15 00:00:00
seebug
seebug
rxvtη»η«―X11ζΎη€Ίδ»»ζ代η ζ§θ‘ζΌζ΄
2008-08-11 00:00:00
gentoo
gentoo
Multiple X11 terminals: Local privilege escalation
2008-05-07 00:00:00
CVSS2
3.7
Attack Vector
LOCAL
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:H/Au:N/C:P/I:P/A:P
AI Score
8.4
Confidence
High
EPSS
0
Percentile
10.1%
Related for NVD:CVE-2008-1142