RXVT-Unicode Open File Descriptor Leakage Vulnerability
It is reported that RXVT-Unicode fails to properly close file descriptors when spawning new child terminal windows.
The child process could then potentially gain access to possibly sensitive information from the contents of the open file descriptors. Depending on the mode of the original file, and the privileges of the user that opened it, processes in the child window may exploit this vulnerability to take control of the parent process. Other attacks may also be possible.
An attacker requires local access to the RXVT-Unicode process window to exploit this vulnerability.
Versions prior to 3.6 are reported vulnerable to this issue.