oss-sec mailing list archives
Re: request CVE id: insecure handling of DISPLAY in rxvt
From: "Steven M. Christey" <coley () linus mitre org>
Date: Tue, 4 Mar 2008 16:51:42 -0500 (EST)
On Tue, 4 Mar 2008, Nico Golde wrote:
"If the DISPLAY environment is not set, rxvt opens an xterm on :0, which on some headless login-server means anyone can setup an fake X server waiting for someone loggin in without X forwarding to start rxvt by some mistake or by some program (thus without even noticing) and getting full shell access to that other account." This is Debian bug 469296[0].
Use CVE-2008-1142 I'm not going to pretend to understand this issue, plus Lubomir's bug comment raises the question of dependency on user error (though it's probably a relatively common error, I'd think). So, I'll fill in the CVE later once this has been fleshed out. - Steve
Current thread:
- request CVE id: insecure handling of DISPLAY in rxvt Nico Golde (Mar 04)
- Re: request CVE id: insecure handling of DISPLAY in rxvt Steven M. Christey (Mar 04)
- Re: request CVE id: insecure handling of DISPLAY in rxvt Steve Kemp (Mar 04)
- Re: request CVE id: insecure handling of DISPLAY in rxvt Tomas Hoger (Mar 05)
- Re: request CVE id: insecure handling of DISPLAY in rxvt Steve Kemp (Mar 05)
- wiki: Debian, auditing tools, vendor-sec Solar Designer (Mar 05)
- Re: wiki: Debian, auditing tools, vendor-sec Steve Kemp (Mar 05)
- Re: request CVE id: insecure handling of DISPLAY in rxvt Steve Kemp (Mar 04)
- Re: request CVE id: insecure handling of DISPLAY in rxvt Nico Golde (Mar 05)
- Re: request CVE id: insecure handling of DISPLAY in rxvt Steven M. Christey (Mar 04)
- Re: request CVE id: insecure handling of DISPLAY in rxvt Nico Golde (Mar 05)
- Re: request CVE id: insecure handling of DISPLAY in rxvt Bernhard R. Link (Mar 28)