oss-sec mailing list archives
Re: request CVE id: insecure handling of DISPLAY in rxvt
From: Nico Golde <oss-security+ml () ngolde de>
Date: Wed, 5 Mar 2008 14:04:08 +0100
Hi Matthieu, * Matthieu Herrb <matthieu.herrb () laas fr> [2008-03-05 12:54]:
Nico Golde wrote:Steve, can I get a CVE id for the following issue in rxvt? "If the DISPLAY environment is not set, rxvt opens an xterm on :0, which on some headless login-server means anyone can setup an fake X server waiting for someone loggin in without X forwarding to start rxvt by some mistake or by some program (thus without even noticing) and getting full shell access to that other account." This is Debian bug 469296[0]. It should be a good idea to check other terminal emulators as well. [0] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=469296I don't understand how that's an issue with rxvt. If you "fix" the terminal emulator not to that, yo can still run rxvt -display :0 or env DISPLAY=:0 rxvt.
Sure but what's your point? It still looks different to me if the user is forced to enable that or if it's done in the background without him noticing it.
But then I also don't understant what you mean by "setup an fake X server waiting for someone loggin in..."
He basically meant starting an X server on :0. Cheers Nico -- Nico Golde - http://www.ngolde.de - nion () jabber ccc de - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted.
Attachment:
_bin
Description:
Current thread:
- request CVE id: insecure handling of DISPLAY in rxvt Nico Golde (Mar 04)
- Re: request CVE id: insecure handling of DISPLAY in rxvt Steven M. Christey (Mar 04)
- Re: request CVE id: insecure handling of DISPLAY in rxvt Steve Kemp (Mar 04)
- Re: request CVE id: insecure handling of DISPLAY in rxvt Tomas Hoger (Mar 05)
- Re: request CVE id: insecure handling of DISPLAY in rxvt Steve Kemp (Mar 05)
- wiki: Debian, auditing tools, vendor-sec Solar Designer (Mar 05)
- Re: wiki: Debian, auditing tools, vendor-sec Steve Kemp (Mar 05)
- Re: request CVE id: insecure handling of DISPLAY in rxvt Steve Kemp (Mar 04)
- Re: request CVE id: insecure handling of DISPLAY in rxvt Nico Golde (Mar 05)
- Re: request CVE id: insecure handling of DISPLAY in rxvt Steven M. Christey (Mar 04)
- Re: request CVE id: insecure handling of DISPLAY in rxvt Nico Golde (Mar 05)
- Re: request CVE id: insecure handling of DISPLAY in rxvt Bernhard R. Link (Mar 28)