CVE-2008-1142

Description

rxvt 2.6.4 opens a terminal window on :0 if the DISPLAY environment variable is not set, which might allow local users to hijack X11 connections. NOTE: it was later reported that rxvt-unicode, mrxvt, aterm, multi-aterm, and wterm are also affected. NOTE: realistic attack scenarios require that the victim enters a command on the wrong machine.

Affected products

• aterm / aterm1.0.0
• aterm / aterm0.1.0 – 0.1.0
• aterm / aterm0.1.1 – 0.1.1
• aterm / aterm0.2.0 – 0.2.0
• aterm / aterm0.3.0 – 0.3.0
• aterm / aterm0.3.1 – 0.3.1
• aterm / aterm0.3.2 – 0.3.2
• aterm / aterm0.3.3 – 0.3.3
• aterm / aterm0.3.4 – 0.3.4
• aterm / aterm0.3.5 – 0.3.5
• aterm / aterm0.3.6 – 0.3.6
• aterm / aterm0.4.0 – 0.4.0
• aterm / aterm0.4.1 – 0.4.1
• aterm / aterm0.4.2 – 0.4.2
• aterm / aterm1.00 – 1.00
• aterm / aterm1.00 – 1.00
• aterm / aterm1.00 – 1.00
• aterm / aterm1.00 – 1.00
• eterm / eterm0.9.3
• eterm / eterm0.9.2 – 0.9.2
• mrxvt / mrxvt0.5.2
• mrxvt / mrxvt0.4.2 – 0.4.2
• multi-aterm / multi-aterm0.2
• multi-aterm / multi-aterm0.0.1 – 0.0.1
• multi-aterm / multi-aterm0.0.3 – 0.0.3
• multi-aterm / multi-aterm0.0.4 – 0.0.4
• multi-aterm / multi-aterm0.0.5 – 0.0.5
• multi-aterm / multi-aterm0.1 – 0.1
• rxvt / rxvt2.7.9
• rxvt / rxvt2.6.1 – 2.6.1
• rxvt / rxvt2.6.2 – 2.6.2
• rxvt / rxvt2.6.3 – 2.6.3
• rxvt / rxvt2.6.4 – 2.6.4
• rxvt / rxvt2.7.5 – 2.7.5
• rxvt / rxvt2.7.6 – 2.7.6
• rxvt / rxvt2.7.7 – 2.7.7
• rxvt / rxvt2.7.8 – 2.7.8
• rxvt-unicode / rxvt-unicode9.01
• rxvt-unicode / rxvt-unicode1.0 – 1.0
• rxvt-unicode / rxvt-unicode1.1 – 1.1
• rxvt-unicode / rxvt-unicode1.2 – 1.2
• rxvt-unicode / rxvt-unicode1.3 – 1.3
• rxvt-unicode / rxvt-unicode1.4 – 1.4
• rxvt-unicode / rxvt-unicode1.5 – 1.5
• rxvt-unicode / rxvt-unicode1.6 – 1.6
• rxvt-unicode / rxvt-unicode1.7 – 1.7
• rxvt-unicode / rxvt-unicode1.8 – 1.8
• rxvt-unicode / rxvt-unicode1.9 – 1.9
• rxvt-unicode / rxvt-unicode1.91 – 1.91
• rxvt-unicode / rxvt-unicode2.0 – 2.0
• rxvt-unicode / rxvt-unicode2.1 – 2.1
• rxvt-unicode / rxvt-unicode2.2 – 2.2
• rxvt-unicode / rxvt-unicode2.3 – 2.3
• rxvt-unicode / rxvt-unicode2.4 – 2.4
• rxvt-unicode / rxvt-unicode2.5 – 2.5
• rxvt-unicode / rxvt-unicode2.6 – 2.6
• rxvt-unicode / rxvt-unicode2.7 – 2.7
• rxvt-unicode / rxvt-unicode2.8 – 2.8
• rxvt-unicode / rxvt-unicode2.9 – 2.9
• rxvt-unicode / rxvt-unicode3.0 – 3.0
• rxvt-unicode / rxvt-unicode3.1 – 3.1
• rxvt-unicode / rxvt-unicode3.2 – 3.2
• rxvt-unicode / rxvt-unicode3.3 – 3.3
• rxvt-unicode / rxvt-unicode3.4 – 3.4
• rxvt-unicode / rxvt-unicode3.5 – 3.5
• rxvt-unicode / rxvt-unicode3.6 – 3.6
• rxvt-unicode / rxvt-unicode3.7 – 3.7
• rxvt-unicode / rxvt-unicode3.8 – 3.8
• rxvt-unicode / rxvt-unicode3.9 – 3.9
• rxvt-unicode / rxvt-unicode4.0 – 4.0
• rxvt-unicode / rxvt-unicode4.1 – 4.1
• rxvt-unicode / rxvt-unicode4.2 – 4.2
• rxvt-unicode / rxvt-unicode4.3 – 4.3
• rxvt-unicode / rxvt-unicode4.4 – 4.4
• rxvt-unicode / rxvt-unicode4.5 – 4.5
• rxvt-unicode / rxvt-unicode4.6 – 4.6
• rxvt-unicode / rxvt-unicode4.7 – 4.7
• rxvt-unicode / rxvt-unicode4.8 – 4.8
• rxvt-unicode / rxvt-unicode4.9 – 4.9
• rxvt-unicode / rxvt-unicode5.0 – 5.0
• rxvt-unicode / rxvt-unicode5.1 – 5.1
• rxvt-unicode / rxvt-unicode5.2 – 5.2
• rxvt-unicode / rxvt-unicode5.3 – 5.3
• rxvt-unicode / rxvt-unicode5.4 – 5.4
• rxvt-unicode / rxvt-unicode5.5 – 5.5
• rxvt-unicode / rxvt-unicode5.6 – 5.6
• rxvt-unicode / rxvt-unicode5.7 – 5.7
• rxvt-unicode / rxvt-unicode5.8 – 5.8
• rxvt-unicode / rxvt-unicode5.9 – 5.9
• rxvt-unicode / rxvt-unicode6.0 – 6.0
• rxvt-unicode / rxvt-unicode6.1 – 6.1
• rxvt-unicode / rxvt-unicode6.2 – 6.2
• rxvt-unicode / rxvt-unicode6.3 – 6.3
• rxvt-unicode / rxvt-unicode7.0 – 7.0
• rxvt-unicode / rxvt-unicode7.1 – 7.1
• rxvt-unicode / rxvt-unicode7.2 – 7.2
• rxvt-unicode / rxvt-unicode7.3 – 7.3
• rxvt-unicode / rxvt-unicode7.4 – 7.4
• rxvt-unicode / rxvt-unicode7.5 – 7.5
• rxvt-unicode / rxvt-unicode7.6 – 7.6
• rxvt-unicode / rxvt-unicode7.7 – 7.7
• rxvt-unicode / rxvt-unicode7.8 – 7.8
• rxvt-unicode / rxvt-unicode7.9 – 7.9
• rxvt-unicode / rxvt-unicode8.0 – 8.0
• rxvt-unicode / rxvt-unicode8.1 – 8.1
• rxvt-unicode / rxvt-unicode8.2 – 8.2
• rxvt-unicode / rxvt-unicode8.3 – 8.3
• rxvt-unicode / rxvt-unicode8.4 – 8.4
• rxvt-unicode / rxvt-unicode8.5 – 8.5
• rxvt-unicode / rxvt-unicode8.5a – 8.5a
• rxvt-unicode / rxvt-unicode8.6 – 8.6
• rxvt-unicode / rxvt-unicode8.7 – 8.7
• rxvt-unicode / rxvt-unicode8.8 – 8.8
• rxvt-unicode / rxvt-unicode8.9 – 8.9
• rxvt-unicode / rxvt-unicode9.0 – 9.0
• wterm / wterm6.2.8a2
• wterm / wterm6.2.5 – 6.2.5
• wterm / wterm6.2.6 – 6.2.6

References

• MAILING_LISThttp://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html
• MISChttp://article.gmane.org/gmane.comp.security.oss.general/122
• VENDOR_ADVISORYhttp://secunia.com/advisories/30226
• MISChttp://www.securityfocus.com/bid/28512
• VENDOR_ADVISORYhttp://secunia.com/advisories/30229
• VENDOR_ADVISORYhttp://bugs.debian.org/cgi-bin/bugreport.cgi?bug=469296
• VENDOR_ADVISORYhttp://secunia.com/advisories/31687
• VENDOR_ADVISORYhttp://secunia.com/advisories/30225
• VENDOR_ADVISORYhttp://secunia.com/advisories/30227
• MISChttp://security.gentoo.org/glsa/glsa-200805-03.xml
• VENDOR_ADVISORYhttp://secunia.com/advisories/30224
• VENDOR_ADVISORYhttp://www.mandriva.com/security/advisories?name=MDVSA-2008:161
• VENDOR_ADVISORYhttp://www.mandriva.com/security/advisories?name=MDVSA-2008:221
• VENDOR_ADVISORYhttp://secunia.com/advisories/29576