6 matches found
openSUSE Security Update : rxvt-unicode (rxvt-unicode-163)
It was possible to open a terminal on :0 when the environment variable was not set. This could be exploited by local users to hijack X11 connections CVE-2008-1142. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from...
Mandriva Linux Security Advisory : rxvt (MDVSA-2008:161)
A vulnerability in rxvt allowed it to open a terminal on :0 if the environment variable was not set, which could be used by a local user to hijack X11 connections CVE-2008-1142. The updated packages have been patched to correct this issue. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The...
Gentoo Security Advisory GLSA 200805-03 (aterm eterm rxvt mrxvt multi-aterm wterm rxvt-unicode)
The remote host is missing updates announced in advisory GLSA 200805-03. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE 10 Security Update : rxvt-unicode (rxvt-unicode-5541)
It was possible to open a terminal on :0 when the environment variable was not set. This could be exploited by local users to hijack X11 connections CVE-2008-1142. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from...
[ GLSA 200805-03 ] Multiple X11 terminals: Local privilege escalation
Gentoo Linux Security Advisory GLSA 200805-03 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity:...
CVE-2008-1142
CVE-2008-1142 affects rxvt and related terminals (rxvt-unicode, mrxvt, aterm, multi-aterm, wterm) where opening a terminal on :0 if DISPLAY is not set enables local users to hijack X11 connections. This is caused by improper handling of DISPLAY during initialization. Public updates exist (e.g., r...