Multiple X11 terminals: Local privilege escalation
1.
Gentoo Linux Security Advisory
Version Information
| Advisory Reference | GLSA 200805-03 / aterm eterm rxvt mrxvt multi-aterm wterm rxvt-unicode |
| Release Date | May 07, 2008 |
| Latest Revision | May 10, 2008: 02 |
| Impact | normal |
| Exploitable | local |
| Package | Vulnerable versions | Unaffected versions | Architecture(s) |
| x11-terms/aterm | < 1.0.1-r1 | >= 1.0.1-r1 | All supported architectures |
| x11-terms/eterm | < 0.9.4-r1 | >= 0.9.4-r1 | All supported architectures |
| x11-terms/mrxvt | < 0.5.3-r2 | >= 0.5.3-r2 | All supported architectures |
| x11-terms/multi-aterm | < 0.2.1-r1 | >= 0.2.1-r1 | All supported architectures |
| x11-terms/rxvt | < 2.7.10-r4 | >= 2.7.10-r4 | All supported architectures |
| x11-terms/rxvt-unicode | < 9.02-r1 | >= 9.02-r1 | All supported architectures |
| x11-terms/wterm | < 6.2.9-r3 | >= 6.2.9-r3 | All supported architectures |
Related bugreports:
#216833, #217819, #219746, #219750, #219754, #219760, #219762
Synopsis
A vulnerability was found in aterm, Eterm, Mrxvt, multi-aterm, RXVT,
rxvt-unicode, and wterm, allowing for local privilege escalation.
2. Impact Information
Background
Aterm, Eterm, Mrxvt, multi-aterm, RXVT, rxvt-unicode, and wterm are X11
terminal emulators.
Description
Bernhard R. Link discovered that RXVT opens a terminal on :0 if the
"-display" option is not specified and the DISPLAY environment variable
is not set. Further research by the Gentoo Security Team has shown that
aterm, Eterm, Mrxvt, multi-aterm, rxvt-unicode, and wterm are also
affected.
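The display selection described above, sketched as an added example (not code from any of the affected terminals or from the Gentoo patches): the flawed variant falls back to ":0" when neither "-display" nor DISPLAY names a display, while the strict variant returns no display so the caller can exit. Function names are hypothetical, and treating an empty DISPLAY as unset is an assumption.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed illustration; names are hypothetical, not from any terminal. */

/* Return the value following "-display" in argv, or NULL if absent. */
static const char *display_from_args(int argc, char **argv)
{
    for (int i = 1; i + 1 < argc; i++)
        if (strcmp(argv[i], "-display") == 0)
            return argv[i + 1];
    return NULL;
}

/* Flawed pattern: silently fall back to ":0" when nothing names a display. */
const char *pick_display_flawed(int argc, char **argv, const char *env_display)
{
    const char *d = display_from_args(argc, argv);
    if (d == NULL)
        d = env_display;
    if (d == NULL)
        d = ":0";   /* terminal opens on :0 regardless of who owns it */
    return d;
}

/* Strict pattern: no implicit default; NULL tells the caller to abort. */
const char *pick_display_strict(int argc, char **argv, const char *env_display)
{
    const char *d = display_from_args(argc, argv);
    if (d == NULL)
        d = env_display;
    if (d == NULL || *d == '\0')   /* assumption: empty DISPLAY counts as unset */
        return NULL;
    return d;
}

int main(int argc, char **argv)
{
    const char *d = pick_display_strict(argc, argv, getenv("DISPLAY"));
    if (d == NULL) {
        fputs("no display given: use -display or set DISPLAY\n", stderr);
        return 1;
    }
    printf("would open display %s\n", d);
    return 0;
}
```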
Impact
A local attacker could exploit this vulnerability to hijack X11
terminals of other users.
3. Resolution Information
Workaround
There is no known workaround at this time.
Resolution
All aterm users should upgrade to the latest version:
Code Listing 3.1: Resolution
# emerge --sync
# emerge --ask --oneshot --verbose ">=x11-terms/aterm-1.0.1-r1"
All Eterm users should upgrade to the latest version:
Code Listing 3.2: Resolution
# emerge --sync
# emerge --ask --oneshot --verbose ">=x11-terms/eterm-0.9.4-r1"
All Mrxvt users should upgrade to the latest version:
Code Listing 3.3: Resolution
# emerge --sync
# emerge --ask --oneshot --verbose ">=x11-terms/mrxvt-0.5.3-r2"
All multi-aterm users should upgrade to the latest version:
Code Listing 3.4: Resolution
# emerge --sync
# emerge --ask --oneshot --verbose ">=x11-terms/multi-aterm-0.2.1-r1"
All RXVT users should upgrade to the latest version:
Code Listing 3.5: Resolution
# emerge --sync
# emerge --ask --oneshot --verbose ">=x11-terms/rxvt-2.7.10-r4"
All rxvt-unicode users should upgrade to the latest version:
Code Listing 3.6: Resolution
# emerge --sync
# emerge --ask --oneshot --verbose ">=x11-terms/rxvt-unicode-9.02-r1"
All wterm users should upgrade to the latest version:
Code Listing 3.7: Resolution
# emerge --sync
# emerge --ask --oneshot --verbose ">=x11-terms/wterm-6.2.9-r3"