rxvt 2.6.4 opens a terminal window on :0 if the DISPLAY environment variable is not set, which might allow local users to hijack X11 connections. NOTE: it was later reported that rxvt-unicode, mrxvt, aterm, multi-aterm, and wterm are also affected. NOTE: realistic attack scenarios require that the victim enters a command on the wrong machine.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
aterm aterm 1.00 |
||
eterm eterm 0.9.2 |
||
mrxvt mrxvt 0.4.2 |
||
mrxvt mrxvt |
||
eterm eterm |
||
rxvt rxvt 2.7.8 |
||
rxvt rxvt |
||
rxvt-unicode rxvt-unicode |
||
rxvt-unicode rxvt-unicode 9.0 |
||
rxvt-unicode rxvt-unicode 7.8 |
||
rxvt-unicode rxvt-unicode 7.7 |
||
rxvt-unicode rxvt-unicode 7.6 |
||
rxvt-unicode rxvt-unicode 7.5 |
||
rxvt-unicode rxvt-unicode 5.5 |
||
rxvt-unicode rxvt-unicode 5.4 |
||
rxvt-unicode rxvt-unicode 5.3 |
||
rxvt-unicode rxvt-unicode 5.2 |
||
rxvt-unicode rxvt-unicode 3.8 |
||
rxvt-unicode rxvt-unicode 3.7 |
||
rxvt-unicode rxvt-unicode 3.6 |
||
rxvt-unicode rxvt-unicode 3.5 |
||
rxvt-unicode rxvt-unicode 2.2 |
||
rxvt-unicode rxvt-unicode 2.1 |
||
rxvt-unicode rxvt-unicode 2.0 |
||
rxvt-unicode rxvt-unicode 1.91 |
||
rxvt-unicode rxvt-unicode 1.9 |
||
aterm aterm 0.4.2 |
||
aterm aterm 0.3.6 |
||
aterm aterm 0.1.1 |
||
aterm aterm 0.1.0 |
||
aterm aterm |
||
multi-aterm multi-aterm 0.1 |
||
rxvt rxvt 2.6.1 |
||
rxvt rxvt 2.7.6 |
||
rxvt-unicode rxvt-unicode 8.8 |
||
rxvt-unicode rxvt-unicode 8.6 |
||
rxvt-unicode rxvt-unicode 8.2 |
||
rxvt-unicode rxvt-unicode 8.0 |
||
rxvt-unicode rxvt-unicode 7.3 |
||
rxvt-unicode rxvt-unicode 7.1 |
||
rxvt-unicode rxvt-unicode 5.8 |
||
rxvt-unicode rxvt-unicode 5.6 |
||
rxvt-unicode rxvt-unicode 5.1 |
||
rxvt-unicode rxvt-unicode 4.9 |
||
rxvt-unicode rxvt-unicode 4.2 |
||
rxvt-unicode rxvt-unicode 4.0 |
||
rxvt-unicode rxvt-unicode 3.3 |
||
rxvt-unicode rxvt-unicode 3.1 |
||
rxvt-unicode rxvt-unicode 2.6 |
||
rxvt-unicode rxvt-unicode 2.4 |
||
rxvt-unicode rxvt-unicode 1.8 |
||
rxvt-unicode rxvt-unicode 1.6 |
||
wterm wterm |
||
wterm wterm 6.2.5 |
||
aterm aterm 0.3.5 |
||
aterm aterm 0.3.4 |
||
aterm aterm 0.3.3 |
||
aterm aterm 0.3.2 |
||
aterm aterm 0.3.1 |
||
multi-aterm multi-aterm 0.0.4 |
||
multi-aterm multi-aterm 0.0.3 |
||
multi-aterm multi-aterm 0.0.1 |
||
rxvt rxvt 2.6.3 |
||
rxvt-unicode rxvt-unicode 8.5a |
||
rxvt-unicode rxvt-unicode 8.5 |
||
rxvt-unicode rxvt-unicode 8.4 |
||
rxvt-unicode rxvt-unicode 8.3 |
||
rxvt-unicode rxvt-unicode 6.3 |
||
rxvt-unicode rxvt-unicode 6.2 |
||
rxvt-unicode rxvt-unicode 6.1 |
||
rxvt-unicode rxvt-unicode 6.0 |
||
rxvt-unicode rxvt-unicode 4.7 |
||
rxvt-unicode rxvt-unicode 4.6 |
||
rxvt-unicode rxvt-unicode 4.5 |
||
rxvt-unicode rxvt-unicode 4.4 |
||
rxvt-unicode rxvt-unicode 4.3 |
||
rxvt-unicode rxvt-unicode 3.0 |
||
rxvt-unicode rxvt-unicode 2.9 |
||
rxvt-unicode rxvt-unicode 2.8 |
||
rxvt-unicode rxvt-unicode 2.7 |
||
rxvt-unicode rxvt-unicode 1.4 |
||
rxvt-unicode rxvt-unicode 1.3 |
||
rxvt-unicode rxvt-unicode 1.2 |
||
rxvt-unicode rxvt-unicode 1.1 |
||
rxvt rxvt 2.6.4 |
||
aterm aterm 0.4.1 |
||
aterm aterm 0.4.0 |
||
aterm aterm 0.3.0 |
||
aterm aterm 0.2.0 |
||
multi-aterm multi-aterm |
||
multi-aterm multi-aterm 0.0.5 |
||
rxvt rxvt 2.6.2 |
||
rxvt rxvt 2.7.5 |
||
rxvt rxvt 2.7.7 |
||
rxvt-unicode rxvt-unicode 8.9 |
||
rxvt-unicode rxvt-unicode 8.7 |
||
rxvt-unicode rxvt-unicode 8.1 |
||
rxvt-unicode rxvt-unicode 7.9 |
||
rxvt-unicode rxvt-unicode 7.4 |
||
rxvt-unicode rxvt-unicode 7.2 |
||
rxvt-unicode rxvt-unicode 7.0 |
||
rxvt-unicode rxvt-unicode 5.9 |
||
rxvt-unicode rxvt-unicode 5.7 |
||
rxvt-unicode rxvt-unicode 5.0 |
||
rxvt-unicode rxvt-unicode 4.8 |
||
rxvt-unicode rxvt-unicode 4.1 |
||
rxvt-unicode rxvt-unicode 3.9 |
||
rxvt-unicode rxvt-unicode 3.4 |
||
rxvt-unicode rxvt-unicode 3.2 |
||
rxvt-unicode rxvt-unicode 2.5 |
||
rxvt-unicode rxvt-unicode 2.3 |
||
rxvt-unicode rxvt-unicode 1.7 |
||
rxvt-unicode rxvt-unicode 1.5 |
||
rxvt-unicode rxvt-unicode 1.0 |
||
wterm wterm 6.2.6 |