Multiple X11 Terminals Missing DISPLAY Variable Local Arbitrary Command Execution Vulnerability

Bugtraq ID: 28512
Class: Design Error
CVE: CVE-2008-1142, CVE-2008-1692
Remote: No
Local: Yes
Published: Mar 31 2008 12:00AM
Updated: Nov 03 2008 05:55PM
Credit: Bernhard R. Link
Vulnerable: wterm wterm 6.2.9
rxvt rxvt 2.7.10
rxvt rxvt 2.6.4
Pardus Linux 2008 0
Pardus Linux 2007 0
multi-aterm multi-aterm 0.2.1
mrxvt mrxvt 0.5.3
Marc Lehmann RXVT-Unicode 9.02
Mandriva Linux Mandrake 2008.1 x86_64
Mandriva Linux Mandrake 2008.1
Mandriva Linux Mandrake 2008.0 x86_64
Mandriva Linux Mandrake 2008.0
Mandriva Linux Mandrake 2007.1 x86_64
Mandriva Linux Mandrake 2007.1
MandrakeSoft Corporate Server 4.0 x86_64
MandrakeSoft Corporate Server 3.0 x86_64
MandrakeSoft Corporate Server 3.0
MandrakeSoft Corporate Server 4.0
Gentoo Linux
Eterm Eterm 0.9.4
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0
Eterm Eterm 0.9.2
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0
aterm aterm 1.0.1
aterm aterm 0.4.2
Not Vulnerable:


 

Copyright 2010, SecurityFocus