oss-sec mailing list archives

Re: request CVE id: insecure handling of DISPLAY in rxvt

From: "Steven M. Christey" <coley () linus mitre org>
Date: Tue, 4 Mar 2008 16:51:42 -0500 (EST)


On Tue, 4 Mar 2008, Nico Golde wrote:

"If the DISPLAY environment is not set, rxvt opens an xterm
on :0, which on some headless login-server means anyone can setup
an fake X server waiting for someone loggin in without X
forwarding to start rxvt by some mistake or by some program (thus
without even noticing) and getting full shell access to that other
account."

This is Debian bug 469296[0].


Use CVE-2008-1142

I'm not going to pretend to understand this issue, plus Lubomir's bug
comment raises the question of dependency on user error (though it's
probably a relatively common error, I'd think).  So, I'll fill in the CVE
later once this has been fleshed out.

- Steve

Current thread:

request CVE id: insecure handling of DISPLAY in rxvt Nico Golde (Mar 04)
- Re: request CVE id: insecure handling of DISPLAY in rxvt Steven M. Christey (Mar 04)
  - Re: request CVE id: insecure handling of DISPLAY in rxvt Steve Kemp (Mar 04)
    - Re: request CVE id: insecure handling of DISPLAY in rxvt Tomas Hoger (Mar 05)
    - Re: request CVE id: insecure handling of DISPLAY in rxvt Steve Kemp (Mar 05)
    - wiki: Debian, auditing tools, vendor-sec Solar Designer (Mar 05)
    - Re: wiki: Debian, auditing tools, vendor-sec Steve Kemp (Mar 05)
    - Re: request CVE id: insecure handling of DISPLAY in rxvt Nico Golde (Mar 05)
- Re: request CVE id: insecure handling of DISPLAY in rxvt Matthieu Herrb (Mar 05)
  - Re: request CVE id: insecure handling of DISPLAY in rxvt Nico Golde (Mar 05)
- Re: request CVE id: insecure handling of DISPLAY in rxvt Robert Buchholz (Mar 26)
  - Re: request CVE id: insecure handling of DISPLAY in rxvt Bernhard R. Link (Mar 28)