CVSS2
Attack Vector: LOCAL
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
EPSS
Percentile: 10.1%
Aterm, Eterm, Mrxvt, multi-aterm, RXVT, rxvt-unicode, and wterm are X11 terminal emulators.
Bernhard R. Link discovered that RXVT opens a terminal on :0 if the "-display" option is not specified and the DISPLAY environment variable is not set. Further research by the Gentoo Security Team has shown that aterm, Eterm, Mrxvt, multi-aterm, rxvt-unicode, and wterm are also affected.
A local attacker could exploit this vulnerability to hijack X11 terminals of other users.
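The display-selection behaviour described above, next to a form with no implicit default. This is an added illustration, not code from RXVT or from the Gentoo patches; the function names and the choice to refuse to start when no display is named are assumptions.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Behaviour the advisory describes: with no -display argument and no
 * DISPLAY variable, the terminal silently ends up on ":0", which may be
 * an X server owned by a different user. (Hypothetical function name.) */
static const char *display_with_fallback(const char *cli, const char *env)
{
    const char *name = cli;
    if (name == NULL)
        name = env;
    if (name == NULL)
        name = ":0";            /* implicit default: the defect */
    return name;
}

/* Hardened form (assumed fix strategy): only an explicitly chosen
 * display is accepted. Empty strings count as unset. Returns NULL when
 * the caller must abort instead of guessing. */
static const char *display_strict(const char *cli, const char *env)
{
    if (cli != NULL && *cli != '\0')
        return cli;
    if (env != NULL && *env != '\0')
        return env;
    return NULL;
}

int main(int argc, char **argv)
{
    const char *cli = NULL;
    for (int i = 1; i + 1 < argc; i++)
        if (strcmp(argv[i], "-display") == 0)
            cli = argv[i + 1];

    const char *env = getenv("DISPLAY");
    printf("with fallback: %s\n", display_with_fallback(cli, env));

    const char *name = display_strict(cli, env);
    if (name == NULL) {
        fprintf(stderr, "no -display given and DISPLAY unset; not guessing\n");
        return EXIT_FAILURE;
    }
    printf("strict:        %s\n", name);
    return EXIT_SUCCESS;
}
```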
There is no known workaround at this time.
All aterm users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=x11-terms/aterm-1.0.1-r1"
All Eterm users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=x11-terms/eterm-0.9.4-r1"
All Mrxvt users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=x11-terms/mrxvt-0.5.3-r2"
All multi-aterm users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=x11-terms/multi-aterm-0.2.1-r1"
All RXVT users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=x11-terms/rxvt-2.7.10-r4"
All rxvt-unicode users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=x11-terms/rxvt-unicode-9.02-r1"
All wterm users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=x11-terms/wterm-6.2.9-r3"
OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
Gentoo | any | all | x11-terms/aterm | < 1.0.1-r1 | UNKNOWN |
Gentoo | any | all | x11-terms/eterm | < 0.9.4-r1 | UNKNOWN |
Gentoo | any | all | x11-terms/mrxvt | < 0.5.3-r2 | UNKNOWN |
Gentoo | any | all | x11-terms/multi-aterm | < 0.2.1-r1 | UNKNOWN |
Gentoo | any | all | x11-terms/rxvt | < 2.7.10-r4 | UNKNOWN |
Gentoo | any | all | x11-terms/rxvt-unicode | < 9.02-r1 | UNKNOWN |
Gentoo | any | all | x11-terms/wterm | < 6.2.9-r3 | UNKNOWN |