Info

Disclosure

Jan 04, 2006

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

rxvt-unicode contains a flaw that may allow an unauthorised malicious user to read from or write to tty terminal devices. The issue is present because on systems with non-unix pseudo terminals, permissions were not updated correctly. This left them as world-writable and world-readable, resulting in a loss of confidentiality and integrity.

Classification

Location: Local Access Required
Attack Type: Other
Impact: Loss of Confidentiality, Loss of Integrity
Exploit: Exploit Unknown
Disclosure: OSVDB Verified, Vendor Verified

Solution

Upgrade to version 6.3 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

rxvt-unicode

6.2

References

Secunia Advisory ID: 18301
CVE ID: 2006-0126 (see also: NVD)
VUPEN Advisory: ADV-2006-0052
Vendor Specific News/Changelog Entry: http://dist.schmorp.de/rxvt-unicode/Changes

Credit

Ryan Beasley -

Direct URL: http://osvdb.org/22223