Common Vulnerabilities and Exposures assigned an identifier CVE-2008-1845 to the following vulnerability: The Korn shell (aka mksh) before R33d on MirOS (aka MirBSD) does not flush the tty's I/O when invoking mksh in a new terminal, which allows local users to gain privileges by opening a virtual terminal and entering command sequences, which might later be executed in opportunistic circumstances by a different user who launches mksh and specifies that terminal with the -T option. Refences: http://www.mirbsd.org/mksh.htm#clog http://www.securityfocus.com/bid/28768 http://www.osvdb.org/44365 http://secunia.com/advisories/29803 http://xforce.iss.net/xforce/xfdb/41794
Fixed upstream version was already pushed to F7/F8: https://admin.fedoraproject.org/updates/F7/FEDORA-2008-3070 https://admin.fedoraproject.org/updates/F8/FEDORA-2008-3174 Rawhide update mksh-33d-1.fc9 did not make it to F9 before freeze.
Robert, have you managed to reproduce this on Fedora? I must admit that I'm not quite sure what is the purpose of -T switch, where this can be used in a meaningful way.
I didn't reproduce that, I didn't use the -T switch as well. I was just adviced personally by upstream to update mksh to solve this issue, as it could be minor security problem (eventually). Anyway, I'm asking rel-eng to get mksh-33d-1.fc9 into Fedora 9.
mksh-33d-1.fc9 successfully tagged into f9-final by notting
Closing this bug.