CVE-2008-1142

MITRE NVD CVE.ORG Print: PDF PDF

Summary

CVECVE-2008-1142
StatePUBLIC
Assigner[email protected]
Source PriorityCVE Program / NVD first with legacy fallback
Published2008-04-07 17:44:00 UTC
Updated2009-02-26 05:00:00 UTC
Descriptionrxvt 2.6.4 opens a terminal window on :0 if the DISPLAY environment variable is not set, which might allow local users to hijack X11 connections. NOTE: it was later reported that rxvt-unicode, mrxvt, aterm, multi-aterm, and wterm are also affected. NOTE: realistic attack scenarios require that the victim enters a command on the wrong machine.

Risk And Classification

Problem Types: CWE-264

NVD Known Affected Configurations (CPE 2.3)

TypeVendorProductVersionUpdateEditionLanguage
Application Aterm Aterm 0.1.0 All All All
Application Aterm Aterm 0.1.1 All All All
Application Aterm Aterm 0.2.0 All All All
Application Aterm Aterm 0.3.0 All All All
Application Aterm Aterm 0.3.1 All All All
Application Aterm Aterm 0.3.2 All All All
Application Aterm Aterm 0.3.3 All All All
Application Aterm Aterm 0.3.4 All All All
Application Aterm Aterm 0.3.5 All All All
Application Aterm Aterm 0.3.6 All All All
Application Aterm Aterm 0.4.0 All All All
Application Aterm Aterm 0.4.1 All All All
Application Aterm Aterm 0.4.2 All All All
Application Aterm Aterm 1.00 beta1 All All
Application Aterm Aterm 1.00 beta2 All All
Application Aterm Aterm 1.00 beta3 All All
Application Aterm Aterm 1.00 beta4 All All
Application Aterm Aterm 0.1.0 All All All
Application Aterm Aterm 0.1.1 All All All
Application Aterm Aterm 0.2.0 All All All
Application Aterm Aterm 0.3.0 All All All
Application Aterm Aterm 0.3.1 All All All
Application Aterm Aterm 0.3.2 All All All
Application Aterm Aterm 0.3.3 All All All
Application Aterm Aterm 0.3.4 All All All
Application Aterm Aterm 0.3.5 All All All
Application Aterm Aterm 0.3.6 All All All
Application Aterm Aterm 0.4.0 All All All
Application Aterm Aterm 0.4.1 All All All
Application Aterm Aterm 0.4.2 All All All
Application Aterm Aterm 1.00 beta1 All All
Application Aterm Aterm 1.00 beta2 All All
Application Aterm Aterm 1.00 beta3 All All
Application Aterm Aterm 1.00 beta4 All All
Application Aterm Aterm All All All All
Application Eterm Eterm 0.9.2 All All All
Application Eterm Eterm All All All All
Application Eterm Eterm 0.9.2 All All All
Application Mrxvt Mrxvt 0.4.2 All All All
Application Mrxvt Mrxvt All All All All
Application Mrxvt Mrxvt 0.4.2 All All All
Application Multi-aterm Multi-aterm 0.0.1 All All All
Application Multi-aterm Multi-aterm 0.0.3 All All All
Application Multi-aterm Multi-aterm 0.0.4 All All All
Application Multi-aterm Multi-aterm 0.0.5 All All All
Application Multi-aterm Multi-aterm 0.1 All All All
Application Multi-aterm Multi-aterm All All All All
Application Multi-aterm Multi-aterm 0.0.1 All All All
Application Multi-aterm Multi-aterm 0.0.3 All All All
Application Multi-aterm Multi-aterm 0.0.4 All All All
Application Multi-aterm Multi-aterm 0.0.5 All All All
Application Multi-aterm Multi-aterm 0.1 All All All
Application Rxvt Rxvt 2.6.1 All All All
Application Rxvt Rxvt 2.6.2 All All All
Application Rxvt Rxvt 2.6.3 All All All
Application Rxvt Rxvt 2.6.4 All All All
Application Rxvt Rxvt 2.7.5 All All All
Application Rxvt Rxvt 2.7.6 All All All
Application Rxvt Rxvt 2.7.7 All All All
Application Rxvt Rxvt 2.7.8 All All All
Application Rxvt Rxvt 2.6.1 All All All
Application Rxvt Rxvt 2.6.2 All All All
Application Rxvt Rxvt 2.6.3 All All All
Application Rxvt Rxvt 2.6.4 All All All
Application Rxvt Rxvt 2.7.5 All All All
Application Rxvt Rxvt 2.7.6 All All All
Application Rxvt Rxvt 2.7.7 All All All
Application Rxvt Rxvt 2.7.8 All All All
Application Rxvt Rxvt All All All All
Application Rxvt-unicode Rxvt-unicode 1.0 All All All
Application Rxvt-unicode Rxvt-unicode 1.1 All All All
Application Rxvt-unicode Rxvt-unicode 1.2 All All All
Application Rxvt-unicode Rxvt-unicode 1.3 All All All
Application Rxvt-unicode Rxvt-unicode 1.4 All All All
Application Rxvt-unicode Rxvt-unicode 1.5 All All All
Application Rxvt-unicode Rxvt-unicode 1.6 All All All
Application Rxvt-unicode Rxvt-unicode 1.7 All All All
Application Rxvt-unicode Rxvt-unicode 1.8 All All All
Application Rxvt-unicode Rxvt-unicode 1.9 All All All
Application Rxvt-unicode Rxvt-unicode 1.91 All All All
Application Rxvt-unicode Rxvt-unicode 2.0 All All All
Application Rxvt-unicode Rxvt-unicode 2.1 All All All
Application Rxvt-unicode Rxvt-unicode 2.2 All All All
Application Rxvt-unicode Rxvt-unicode 2.3 All All All
Application Rxvt-unicode Rxvt-unicode 2.4 All All All
Application Rxvt-unicode Rxvt-unicode 2.5 All All All
Application Rxvt-unicode Rxvt-unicode 2.6 All All All
Application Rxvt-unicode Rxvt-unicode 2.7 All All All
Application Rxvt-unicode Rxvt-unicode 2.8 All All All
Application Rxvt-unicode Rxvt-unicode 2.9 All All All
Application Rxvt-unicode Rxvt-unicode 3.0 All All All
Application Rxvt-unicode Rxvt-unicode 3.1 All All All
Application Rxvt-unicode Rxvt-unicode 3.2 All All All
Application Rxvt-unicode Rxvt-unicode 3.3 All All All
Application Rxvt-unicode Rxvt-unicode 3.4 All All All
Application Rxvt-unicode Rxvt-unicode 3.5 All All All
Application Rxvt-unicode Rxvt-unicode 3.6 All All All
Application Rxvt-unicode Rxvt-unicode 3.7 All All All
Application Rxvt-unicode Rxvt-unicode 3.8 All All All
Application Rxvt-unicode Rxvt-unicode 3.9 All All All
Application Rxvt-unicode Rxvt-unicode 4.0 All All All
Application Rxvt-unicode Rxvt-unicode 4.1 All All All
Application Rxvt-unicode Rxvt-unicode 4.2 All All All
Application Rxvt-unicode Rxvt-unicode 4.3 All All All
Application Rxvt-unicode Rxvt-unicode 4.4 All All All
Application Rxvt-unicode Rxvt-unicode 4.5 All All All
Application Rxvt-unicode Rxvt-unicode 4.6 All All All
Application Rxvt-unicode Rxvt-unicode 4.7 All All All
Application Rxvt-unicode Rxvt-unicode 4.8 All All All
Application Rxvt-unicode Rxvt-unicode 4.9 All All All
Application Rxvt-unicode Rxvt-unicode 5.0 All All All
Application Rxvt-unicode Rxvt-unicode 5.1 All All All
Application Rxvt-unicode Rxvt-unicode 5.2 All All All
Application Rxvt-unicode Rxvt-unicode 5.3 All All All
Application Rxvt-unicode Rxvt-unicode 5.4 All All All
Application Rxvt-unicode Rxvt-unicode 5.5 All All All
Application Rxvt-unicode Rxvt-unicode 5.6 All All All
Application Rxvt-unicode Rxvt-unicode 5.7 All All All
Application Rxvt-unicode Rxvt-unicode 5.8 All All All
Application Rxvt-unicode Rxvt-unicode 5.9 All All All
Application Rxvt-unicode Rxvt-unicode 6.0 All All All
Application Rxvt-unicode Rxvt-unicode 6.1 All All All
Application Rxvt-unicode Rxvt-unicode 6.2 All All All
Application Rxvt-unicode Rxvt-unicode 6.3 All All All
Application Rxvt-unicode Rxvt-unicode 7.0 All All All
Application Rxvt-unicode Rxvt-unicode 7.1 All All All
Application Rxvt-unicode Rxvt-unicode 7.2 All All All
Application Rxvt-unicode Rxvt-unicode 7.3 All All All
Application Rxvt-unicode Rxvt-unicode 7.4 All All All
Application Rxvt-unicode Rxvt-unicode 7.5 All All All
Application Rxvt-unicode Rxvt-unicode 7.6 All All All
Application Rxvt-unicode Rxvt-unicode 7.7 All All All
Application Rxvt-unicode Rxvt-unicode 7.8 All All All
Application Rxvt-unicode Rxvt-unicode 7.9 All All All
Application Rxvt-unicode Rxvt-unicode 8.0 All All All
Application Rxvt-unicode Rxvt-unicode 8.1 All All All
Application Rxvt-unicode Rxvt-unicode 8.2 All All All
Application Rxvt-unicode Rxvt-unicode 8.3 All All All
Application Rxvt-unicode Rxvt-unicode 8.4 All All All
Application Rxvt-unicode Rxvt-unicode 8.5 All All All
Application Rxvt-unicode Rxvt-unicode 8.5a All All All
Application Rxvt-unicode Rxvt-unicode 8.6 All All All
Application Rxvt-unicode Rxvt-unicode 8.7 All All All
Application Rxvt-unicode Rxvt-unicode 8.8 All All All
Application Rxvt-unicode Rxvt-unicode 8.9 All All All
Application Rxvt-unicode Rxvt-unicode 9.0 All All All
Application Rxvt-unicode Rxvt-unicode 1.0 All All All
Application Rxvt-unicode Rxvt-unicode 1.1 All All All
Application Rxvt-unicode Rxvt-unicode 1.2 All All All
Application Rxvt-unicode Rxvt-unicode 1.3 All All All
Application Rxvt-unicode Rxvt-unicode 1.4 All All All
Application Rxvt-unicode Rxvt-unicode 1.5 All All All
Application Rxvt-unicode Rxvt-unicode 1.6 All All All
Application Rxvt-unicode Rxvt-unicode 1.7 All All All
Application Rxvt-unicode Rxvt-unicode 1.8 All All All
Application Rxvt-unicode Rxvt-unicode 1.9 All All All
Application Rxvt-unicode Rxvt-unicode 1.91 All All All
Application Rxvt-unicode Rxvt-unicode 2.0 All All All
Application Rxvt-unicode Rxvt-unicode 2.1 All All All
Application Rxvt-unicode Rxvt-unicode 2.2 All All All
Application Rxvt-unicode Rxvt-unicode 2.3 All All All
Application Rxvt-unicode Rxvt-unicode 2.4 All All All
Application Rxvt-unicode Rxvt-unicode 2.5 All All All
Application Rxvt-unicode Rxvt-unicode 2.6 All All All
Application Rxvt-unicode Rxvt-unicode 2.7 All All All
Application Rxvt-unicode Rxvt-unicode 2.8 All All All
Application Rxvt-unicode Rxvt-unicode 2.9 All All All
Application Rxvt-unicode Rxvt-unicode 3.0 All All All
Application Rxvt-unicode Rxvt-unicode 3.1 All All All
Application Rxvt-unicode Rxvt-unicode 3.2 All All All
Application Rxvt-unicode Rxvt-unicode 3.3 All All All
Application Rxvt-unicode Rxvt-unicode 3.4 All All All
Application Rxvt-unicode Rxvt-unicode 3.5 All All All
Application Rxvt-unicode Rxvt-unicode 3.6 All All All
Application Rxvt-unicode Rxvt-unicode 3.7 All All All
Application Rxvt-unicode Rxvt-unicode 3.8 All All All
Application Rxvt-unicode Rxvt-unicode 3.9 All All All
Application Rxvt-unicode Rxvt-unicode 4.0 All All All
Application Rxvt-unicode Rxvt-unicode 4.1 All All All
Application Rxvt-unicode Rxvt-unicode 4.2 All All All
Application Rxvt-unicode Rxvt-unicode 4.3 All All All
Application Rxvt-unicode Rxvt-unicode 4.4 All All All
Application Rxvt-unicode Rxvt-unicode 4.5 All All All
Application Rxvt-unicode Rxvt-unicode 4.6 All All All
Application Rxvt-unicode Rxvt-unicode 4.7 All All All
Application Rxvt-unicode Rxvt-unicode 4.8 All All All
Application Rxvt-unicode Rxvt-unicode 4.9 All All All
Application Rxvt-unicode Rxvt-unicode 5.0 All All All
Application Rxvt-unicode Rxvt-unicode 5.1 All All All
Application Rxvt-unicode Rxvt-unicode 5.2 All All All
Application Rxvt-unicode Rxvt-unicode 5.3 All All All
Application Rxvt-unicode Rxvt-unicode 5.4 All All All
Application Rxvt-unicode Rxvt-unicode 5.5 All All All
Application Rxvt-unicode Rxvt-unicode 5.6 All All All
Application Rxvt-unicode Rxvt-unicode 5.7 All All All
Application Rxvt-unicode Rxvt-unicode 5.8 All All All
Application Rxvt-unicode Rxvt-unicode 5.9 All All All
Application Rxvt-unicode Rxvt-unicode 6.0 All All All
Application Rxvt-unicode Rxvt-unicode 6.1 All All All
Application Rxvt-unicode Rxvt-unicode 6.2 All All All
Application Rxvt-unicode Rxvt-unicode 6.3 All All All
Application Rxvt-unicode Rxvt-unicode 7.0 All All All
Application Rxvt-unicode Rxvt-unicode 7.1 All All All
Application Rxvt-unicode Rxvt-unicode 7.2 All All All
Application Rxvt-unicode Rxvt-unicode 7.3 All All All
Application Rxvt-unicode Rxvt-unicode 7.4 All All All
Application Rxvt-unicode Rxvt-unicode 7.5 All All All
Application Rxvt-unicode Rxvt-unicode 7.6 All All All
Application Rxvt-unicode Rxvt-unicode 7.7 All All All
Application Rxvt-unicode Rxvt-unicode 7.8 All All All
Application Rxvt-unicode Rxvt-unicode 7.9 All All All
Application Rxvt-unicode Rxvt-unicode 8.0 All All All
Application Rxvt-unicode Rxvt-unicode 8.1 All All All
Application Rxvt-unicode Rxvt-unicode 8.2 All All All
Application Rxvt-unicode Rxvt-unicode 8.3 All All All
Application Rxvt-unicode Rxvt-unicode 8.4 All All All
Application Rxvt-unicode Rxvt-unicode 8.5 All All All
Application Rxvt-unicode Rxvt-unicode 8.5a All All All
Application Rxvt-unicode Rxvt-unicode 8.6 All All All
Application Rxvt-unicode Rxvt-unicode 8.7 All All All
Application Rxvt-unicode Rxvt-unicode 8.8 All All All
Application Rxvt-unicode Rxvt-unicode 8.9 All All All
Application Rxvt-unicode Rxvt-unicode 9.0 All All All
Application Rxvt-unicode Rxvt-unicode All All All All
Application Wterm Wterm 6.2.5 All All All
Application Wterm Wterm 6.2.6 All All All
Application Wterm Wterm 6.2.5 All All All
Application Wterm Wterm 6.2.6 All All All
Application Wterm Wterm All All All All

References

ReferenceSourceLinkTags
mrxvt X11 Display Security Issue - Advisories - Secunia SECUNIA secunia.com Vendor Advisory
SUSE Update for Multiple Packages - Secunia Advisories - Vulnerability Intelligence - Secunia.com SECUNIA secunia.com Vendor Advisory
[security-announce] SUSE Security Summary Report SUSE-SR:2008:017 SUSE lists.opensuse.org
Support / Security / Advisories / / MDVSA-2008:221 | Mandriva MANDRIVA www.mandriva.com
Gentoo update for aterm, eterm, rxvt, mrxvt, multi-aterm, wterm, and rxvt-unicode - Advisories - Secunia SECUNIA secunia.com Vendor Advisory
#469296 - rxvt: [SECURITY] opens terminal on unspecified display - Debian Bug report logs CONFIRM bugs.debian.org Vendor Advisory
wterm X11 Display Security Issue - Advisories - Secunia SECUNIA secunia.com Vendor Advisory
Gmane -- Mail To News And Back Again MISC article.gmane.org
Support / Security / Advisories / / MDVSA-2008:161 | Mandriva MANDRIVA www.mandriva.com
rxvt-unicode X11 Display Security Issue - Advisories - Secunia SECUNIA secunia.com Vendor Advisory
rxvt X11 Display Security Issue - Advisories - Secunia SECUNIA secunia.com Vendor Advisory
Multiple X11 terminals: Local privilege escalation — Gentoo Linux Documentation GENTOO security.gentoo.org
Multiple X11 Terminals Missing DISPLAY Variable Local Arbitrary Command Execution Vulnerability BID www.securityfocus.com Patch
aterm X11 Display Security Issue - Secunia Advisories - Vulnerability Intelligence - Secunia.com SECUNIA secunia.com Vendor Advisory
CVE Program record CVE.ORG www.cve.org canonical
NVD vulnerability detail NVD nvd.nist.gov canonical, analysis

Vendor Comments And Credit

OrganizationPublishedContributorStatement
Red Hat2008-04-14Joshua BressersRed Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2008-1142 This issue does not affect Red Hat Enterprise Linux 3, 4, or 5. The Red Hat Security Response Team has rated this issue as having low security impact. Due to the minimal security consequences of this issue, we do not intend to fix this in Red Hat Enterprise Linux 2.1. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

CVE.report and Source URL Uptime Status status.cve.report