Bugtraq mailing list archives
FLEA-2007-0048-1 xterm
From: Foresight Linux Essential Announcement Service <foresight-security-noreply () foresightlinux org>
Date: Thu, 23 Aug 2007 17:01:00 -0400
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Foresight Linux Essential Advisory: 2007-0048-1 Published: 2007-08-23 Rating: Major Updated Versions: xterm=/conary.rpath.com at rpl:devel//1/202-5.3-1 group-dist=/foresight.rpath.org@fl:1-devel//1/1.3.2-0.9-2 References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2797 https://issues.rpath.com/browse/RPL-1396 Description: Previous versions of the xterm package assigned incorrect ownership and write permissions to pseudo-terminal devices, permitting local users to direct output to other users' xterm sessions. Due to xterm's extensive internal processing of escape sequences, this also permits unauthorized modification of xterm session behavior. - --- Copyright 2007 Foresight Linux Project This file is distributed under the terms of the MIT License. A copy is available at http://www.foresightlinux.org/permanent/mit-license.html -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFGzfWHWu/kq4lN9jkRAlZFAJ9pyQULDqdu4x51tDaRVCzssmhdsQCfT+8R 5B3Hu3cP4l51t3T/4f1LBGQ= =dmAN -----END PGP SIGNATURE-----
Current thread:
- FLEA-2007-0048-1 xterm Foresight Linux Essential Announcement Service (Aug 24)