Red Hat Bugzilla – Bug 174845
CVE-2005-3631 /dev/input/* incorrect permissions
Last modified: 2015-10-13 10:38:00 EDT
/dev/input/* incorrect permissions
This issue was reported to secalert by Richard Cunningham
/dev/input/* has permissions set to 644 by default.
This makes it possible for any user to sniff local user input
(password capturing being the most dangerous).
What's your plan for this? I've not communicated this to vendor-sec yet as I
would like to know what an appropriate embargo date should be?
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.