Launchpad CVE tracker

CVE 2008-1692

Eterm 0.9.4 opens a terminal window on :0 if -display is not specified and the DISPLAY environment variable is not set, which might allow local users to hijack X11 connections. NOTE: realistic attack scenarios require that the victim enters a command on the wrong machine.

Related bugs and status

CVE-2008-1692 (Candidate) is related to these bugs:

Bug #216604: [CVE-2008-1692] opens on :0 if DISPLAY not set

		In	Importance	Status
216604	[CVE-2008-1692] opens on :0 if DISPLAY not set	eterm (Ubuntu)	Low	Fix Released
216604	[CVE-2008-1692] opens on :0 if DISPLAY not set	eterm (Debian)	Unknown	Fix Released
216604	[CVE-2008-1692] opens on :0 if DISPLAY not set	eterm (Ubuntu Dapper)	Low	Won't Fix
216604	[CVE-2008-1692] opens on :0 if DISPLAY not set	eterm (Ubuntu Edgy)	Low	Won't Fix
216604	[CVE-2008-1692] opens on :0 if DISPLAY not set	eterm (Ubuntu Gutsy)	Low	Fix Released
216604	[CVE-2008-1692] opens on :0 if DISPLAY not set	eterm (Ubuntu Hardy)	Low	Fix Released
216604	[CVE-2008-1692] opens on :0 if DISPLAY not set	eterm (Ubuntu Feisty)	Low	Fix Released

Bug #228871: Please Merge eterm 0.9.4.0debian1-2.1 (universe) from Debian unstable (main).

Summary				In	Importance	Status
	228871	Please Merge eterm 0.9.4.0debian1-2.1 (universe) from Debian unstable (main).		eterm (Ubuntu)	Wishlist	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: http://bugs.debian.org...
SECUNIA: 29577
GENTOO: GLSA-200805-03
BID: 28512
MANDRIVA: MDVSA-2008:222

Launchpad.net

CVE 2008-1692

Related bugs and status

Related bugs

References