CVE-2008-1692

Sažetak

Eterm 0.9.4 opens a terminal window on :0 if -display is not specified and the DISPLAY environment variable is not set, which might allow local users to hijack X11 connections. NOTE: realistic attack scenarios require that the victim enters a command on the wrong machine.

Reference

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=473127
http://secunia.com/advisories/29577
http://security.gentoo.org/glsa/glsa-200805-03.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2008:222
http://www.securityfocus.com/bid/28512

CVSS

Base:	6.9
Impact:	10.0
Exploitability:	3.4

Pristup

Vektor	Složenost	Autentikacija
LOCAL	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:L/AC:M/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

26-02-2009 - 06:51

Objavljeno

07-04-2008 - 18:44