Bug 441462 (CVE-2008-1142) - CVE-2008-1142 rxvt: unsafe defaulting to using :0 when DISPLAY is unset
Summary: CVE-2008-1142 rxvt: unsafe defaulting to using :0 when DISPLAY is unset
Status: CLOSED WONTFIX
Alias: CVE-2008-1142
Product: Security Response
Classification: Other
Component: vulnerability   
(Show other bugs)
Version: unspecified
Hardware: All Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL: http://nvd.nist.gov/nvd.cfm?cvename=C...
Whiteboard: source=debian,reported=20080304,publi...
Keywords: Security
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2008-04-08 08:40 UTC by Tomas Hoger
Modified: 2010-12-23 16:34 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2010-12-23 16:34:54 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

Description Tomas Hoger 2008-04-08 08:40:35 UTC
Common Vulnerabilities and Exposures assigned an identifier CVE-2008-1142 to the following vulnerability:

rxvt 2.6.4 opens an xterm on :0 if the DISPLAY environment variable is not set, which might allow local users to hijack X11 connections.

Refences:
http://article.gmane.org/gmane.comp.security.oss.general/122
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=469296
http://secunia.com/advisories/29576

Comment 1 Tomas Hoger 2008-04-08 08:42:12 UTC
Confirmed on rxvt-2.7.10-14.fc8.

This issue is generally considered to have a very low security impact.  See
discussion on the oss-security mailing list.
  http://www.openwall.com/lists/oss-security/2008/03/04/1
  http://marc.info/?l=oss-security&m=120464342901584&w=4
  http://marc.info/?l=oss-security&m=120483883801309&w=4

It may still be worth changing / removing this unsafe default behavior in
Rawhide for future versions of Fedora.

Possible patch attached in the linked Debian bug report.


Comment 2 Andreas Bierfert 2008-04-08 08:55:28 UTC
I agree that this is very low profile... I will see to push upgrades for EPEL
and rawhide so...

Comment 3 Josh Bressers 2008-04-14 18:11:35 UTC
This issue does not affect Red Hat Enterprise Linux 3, 4, or 5.

The Red Hat Security Response Team has rated this issue as having low security
impact.  Due to the minimal security consequences of this issue, we do not
intend to fix this in Red Hat Enterprise Linux 2.1.  More information regarding
issue severity can be found here:
http://www.redhat.com/security/updates/classification/


Note You need to log in before you can comment on or make changes to this bug.