CVE-2010-4176

Sažetak

plymouth-pretrigger.sh in dracut and udev, when running on Fedora 13 and 14, sets weak permissions for the /dev/systty device file, which allows remote authenticated users to read terminal data from tty0 for local users.

Reference

http://secunia.com/advisories/42342
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051418.html
http://www.vupen.com/english/advisories/2010/3062
http://www.securityfocus.com/bid/45046
https://bugzilla.redhat.com/show_bug.cgi?id=654489
https://bugzilla.redhat.com/show_bug.cgi?id=654935
http://www.vupen.com/english/advisories/2010/3110
http://secunia.com/advisories/42451
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051755.html

CVSS

Base:	4.0
Impact:	2.9
Exploitability:	8.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:L/Au:S/C:P/I:N/A:N

Zadnje važnije ažuriranje

03-06-2022 - 15:09

Objavljeno

07-12-2010 - 22:00