Bug 441462 (CVE-2008-1142)
Summary: | CVE-2008-1142 rxvt: unsafe defaulting to using :0 when DISPLAY is unset | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Tomas Hoger <thoger> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED WONTFIX | QA Contact: | |
Severity: | low | Docs Contact: | |
Priority: | low | ||
Version: | unspecified | CC: | andreas.bierfert, harald |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1142 | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2010-12-23 16:34:54 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Tomas Hoger
2008-04-08 08:40:35 UTC
Confirmed on rxvt-2.7.10-14.fc8. This issue is generally considered to have a very low security impact. See discussion on the oss-security mailing list. http://www.openwall.com/lists/oss-security/2008/03/04/1 http://marc.info/?l=oss-security&m=120464342901584&w=4 http://marc.info/?l=oss-security&m=120483883801309&w=4 It may still be worth changing / removing this unsafe default behavior in Rawhide for future versions of Fedora. Possible patch attached in the linked Debian bug report. I agree that this is very low profile... I will see to push upgrades for EPEL and rawhide so... This issue does not affect Red Hat Enterprise Linux 3, 4, or 5. The Red Hat Security Response Team has rated this issue as having low security impact. Due to the minimal security consequences of this issue, we do not intend to fix this in Red Hat Enterprise Linux 2.1. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/ |