Description
plymouth-pretrigger.sh in dracut and udev, when running on Fedora 13 and 14, sets weak permissions for the /dev/systty device file, which allows remote authenticated users to read terminal data from tty0 for local users.
Affected products
References
- MISChttp://www.securityfocus.com/bid/45046
- MAILING_LISThttp://lists.fedoraproject.org/pipermail/package-announce/2010-December/051755.html
- VENDOR_ADVISORYhttp://secunia.com/advisories/42342
- VENDOR_ADVISORYhttp://secunia.com/advisories/42451
- MAILING_LISThttp://lists.fedoraproject.org/pipermail/package-announce/2010-November/051418.html
- VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2010/3110
- MISChttps://bugzilla.redhat.com/show_bug.cgi?id=654489
- VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2010/3062
- MISChttps://bugzilla.redhat.com/show_bug.cgi?id=654935