Lucene search

MitreCVE-2008-1142

HistoryApr 07, 2008 - 5:44 p.m.

CVE-2008-1142

2008-04-0717:44:00

CWE-264

mitre

web.nvd.nist.gov

rxvt

terminal window

hijack

x11

security

local users

cve-2008-1142

CVSS2

3.7

Attack Vector

LOCAL

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:H/Au:N/C:P/I:P/A:P

AI Score

8.3

Confidence

High

EPSS

Percentile

10.1%

JSON

rxvt 2.6.4 opens a terminal window on :0 if the DISPLAY environment variable is not set, which might allow local users to hijack X11 connections. NOTE: it was later reported that rxvt-unicode, mrxvt, aterm, multi-aterm, and wterm are also affected. NOTE: realistic attack scenarios require that the victim enters a command on the wrong machine.

Affected configurations

Nvd

Node

atermatermRange≤1.0.0

atermatermMatch0.1.0

atermatermMatch0.1.1

atermatermMatch0.2.0

atermatermMatch0.3.0

atermatermMatch0.3.1

atermatermMatch0.3.2

atermatermMatch0.3.3

atermatermMatch0.3.4

atermatermMatch0.3.5

atermatermMatch0.3.6

atermatermMatch0.4.0

atermatermMatch0.4.1

atermatermMatch0.4.2

atermatermMatch1.00beta1

atermatermMatch1.00beta2

atermatermMatch1.00beta3

atermatermMatch1.00beta4

etermetermRange≤0.9.3

etermetermMatch0.9.2

mrxvtmrxvtRange≤0.5.2

mrxvtmrxvtMatch0.4.2

multi-atermmulti-atermRange≤0.2

multi-atermmulti-atermMatch0.0.1

multi-atermmulti-atermMatch0.0.3

multi-atermmulti-atermMatch0.0.4

multi-atermmulti-atermMatch0.0.5

multi-atermmulti-atermMatch0.1

rxvtrxvtRange≤2.7.9

rxvtrxvtMatch2.6.1

rxvtrxvtMatch2.6.2

rxvtrxvtMatch2.6.3

rxvtrxvtMatch2.6.4

rxvtrxvtMatch2.7.5

rxvtrxvtMatch2.7.6

rxvtrxvtMatch2.7.7

rxvtrxvtMatch2.7.8

rxvt-unicoderxvt-unicodeRange≤9.01

rxvt-unicoderxvt-unicodeMatch1.0

rxvt-unicoderxvt-unicodeMatch1.1

rxvt-unicoderxvt-unicodeMatch1.2

rxvt-unicoderxvt-unicodeMatch1.3

rxvt-unicoderxvt-unicodeMatch1.4

rxvt-unicoderxvt-unicodeMatch1.5

rxvt-unicoderxvt-unicodeMatch1.6

rxvt-unicoderxvt-unicodeMatch1.7

rxvt-unicoderxvt-unicodeMatch1.8

rxvt-unicoderxvt-unicodeMatch1.9

rxvt-unicoderxvt-unicodeMatch1.91

rxvt-unicoderxvt-unicodeMatch2.0

rxvt-unicoderxvt-unicodeMatch2.1

rxvt-unicoderxvt-unicodeMatch2.2

rxvt-unicoderxvt-unicodeMatch2.3

rxvt-unicoderxvt-unicodeMatch2.4

rxvt-unicoderxvt-unicodeMatch2.5

rxvt-unicoderxvt-unicodeMatch2.6

rxvt-unicoderxvt-unicodeMatch2.7

rxvt-unicoderxvt-unicodeMatch2.8

rxvt-unicoderxvt-unicodeMatch2.9

rxvt-unicoderxvt-unicodeMatch3.0

rxvt-unicoderxvt-unicodeMatch3.1

rxvt-unicoderxvt-unicodeMatch3.2

rxvt-unicoderxvt-unicodeMatch3.3

rxvt-unicoderxvt-unicodeMatch3.4

rxvt-unicoderxvt-unicodeMatch3.5

rxvt-unicoderxvt-unicodeMatch3.6

rxvt-unicoderxvt-unicodeMatch3.7

rxvt-unicoderxvt-unicodeMatch3.8

rxvt-unicoderxvt-unicodeMatch3.9

rxvt-unicoderxvt-unicodeMatch4.0

rxvt-unicoderxvt-unicodeMatch4.1

rxvt-unicoderxvt-unicodeMatch4.2

rxvt-unicoderxvt-unicodeMatch4.3

rxvt-unicoderxvt-unicodeMatch4.4

rxvt-unicoderxvt-unicodeMatch4.5

rxvt-unicoderxvt-unicodeMatch4.6

rxvt-unicoderxvt-unicodeMatch4.7

rxvt-unicoderxvt-unicodeMatch4.8

rxvt-unicoderxvt-unicodeMatch4.9

rxvt-unicoderxvt-unicodeMatch5.0

rxvt-unicoderxvt-unicodeMatch5.1

rxvt-unicoderxvt-unicodeMatch5.2

rxvt-unicoderxvt-unicodeMatch5.3

rxvt-unicoderxvt-unicodeMatch5.4

rxvt-unicoderxvt-unicodeMatch5.5

rxvt-unicoderxvt-unicodeMatch5.6

rxvt-unicoderxvt-unicodeMatch5.7

rxvt-unicoderxvt-unicodeMatch5.8

rxvt-unicoderxvt-unicodeMatch5.9

rxvt-unicoderxvt-unicodeMatch6.0

rxvt-unicoderxvt-unicodeMatch6.1

rxvt-unicoderxvt-unicodeMatch6.2

rxvt-unicoderxvt-unicodeMatch6.3

rxvt-unicoderxvt-unicodeMatch7.0

rxvt-unicoderxvt-unicodeMatch7.1

rxvt-unicoderxvt-unicodeMatch7.2

rxvt-unicoderxvt-unicodeMatch7.3

rxvt-unicoderxvt-unicodeMatch7.4

rxvt-unicoderxvt-unicodeMatch7.5

rxvt-unicoderxvt-unicodeMatch7.6

rxvt-unicoderxvt-unicodeMatch7.7

rxvt-unicoderxvt-unicodeMatch7.8

rxvt-unicoderxvt-unicodeMatch7.9

rxvt-unicoderxvt-unicodeMatch8.0

rxvt-unicoderxvt-unicodeMatch8.1

rxvt-unicoderxvt-unicodeMatch8.2

rxvt-unicoderxvt-unicodeMatch8.3

rxvt-unicoderxvt-unicodeMatch8.4

rxvt-unicoderxvt-unicodeMatch8.5

rxvt-unicoderxvt-unicodeMatch8.5a

rxvt-unicoderxvt-unicodeMatch8.6

rxvt-unicoderxvt-unicodeMatch8.7

rxvt-unicoderxvt-unicodeMatch8.8

rxvt-unicoderxvt-unicodeMatch8.9

rxvt-unicoderxvt-unicodeMatch9.0

wtermwtermRange≤6.2.8a2

wtermwtermMatch6.2.5

wtermwtermMatch6.2.6

VendorProductVersionCPE
atermaterm*cpe:2.3:a:aterm:aterm:*:*:*:*:*:*:*:*
atermaterm0.1.0cpe:2.3:a:aterm:aterm:0.1.0:*:*:*:*:*:*:*
atermaterm0.1.1cpe:2.3:a:aterm:aterm:0.1.1:*:*:*:*:*:*:*
atermaterm0.2.0cpe:2.3:a:aterm:aterm:0.2.0:*:*:*:*:*:*:*
atermaterm0.3.0cpe:2.3:a:aterm:aterm:0.3.0:*:*:*:*:*:*:*
atermaterm0.3.1cpe:2.3:a:aterm:aterm:0.3.1:*:*:*:*:*:*:*
atermaterm0.3.2cpe:2.3:a:aterm:aterm:0.3.2:*:*:*:*:*:*:*
atermaterm0.3.3cpe:2.3:a:aterm:aterm:0.3.3:*:*:*:*:*:*:*
atermaterm0.3.4cpe:2.3:a:aterm:aterm:0.3.4:*:*:*:*:*:*:*
atermaterm0.3.5cpe:2.3:a:aterm:aterm:0.3.5:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
aterm	aterm	*	cpe:2.3:a:aterm:aterm::::::::
aterm	aterm	0.1.0	cpe:2.3:a:aterm:aterm:0.1.0:::::::*
aterm	aterm	0.1.1	cpe:2.3:a:aterm:aterm:0.1.1:::::::*
aterm	aterm	0.2.0	cpe:2.3:a:aterm:aterm:0.2.0:::::::*
aterm	aterm	0.3.0	cpe:2.3:a:aterm:aterm:0.3.0:::::::*
aterm	aterm	0.3.1	cpe:2.3:a:aterm:aterm:0.3.1:::::::*
aterm	aterm	0.3.2	cpe:2.3:a:aterm:aterm:0.3.2:::::::*
aterm	aterm	0.3.3	cpe:2.3:a:aterm:aterm:0.3.3:::::::*
aterm	aterm	0.3.4	cpe:2.3:a:aterm:aterm:0.3.4:::::::*
aterm	aterm	0.3.5	cpe:2.3:a:aterm:aterm:0.3.5:::::::*