Vulmon Recent Vulnerabilities Product List Research Posts Trends Blog About Contact
3.7
CVSSv2

CVE-2008-1142

Published: 07/04/2008 Updated: 26/02/2009
CVSS v2 Base Score: 3.7 | Impact Score: 6.4 | Exploitability Score: 1.9
VMScore: 329
Vector: AV:L/AC:H/Au:N/C:P/I:P/A:P

Vulnerability Summary

rxvt 2.6.4 opens a terminal window on :0 if the DISPLAY environment variable is not set, which might allow local users to hijack X11 connections. NOTE: it was later reported that rxvt-unicode, mrxvt, aterm, multi-aterm, and wterm are also affected. NOTE: realistic attack scenarios require that the victim enters a command on the wrong machine.

Vulnerable Product Search on Vulmon Subscribe to Product

rxvt-unicode rxvt-unicode 2.5

aterm aterm 0.3.1

rxvt rxvt 2.7.5

rxvt-unicode rxvt-unicode

multi-aterm multi-aterm 0.0.5

aterm aterm 1.00

rxvt-unicode rxvt-unicode 1.3

rxvt-unicode rxvt-unicode 3.4

rxvt-unicode rxvt-unicode 5.1

rxvt-unicode rxvt-unicode 7.2

rxvt-unicode rxvt-unicode 2.3

rxvt-unicode rxvt-unicode 3.1

rxvt-unicode rxvt-unicode 1.8

rxvt-unicode rxvt-unicode 5.0

rxvt-unicode rxvt-unicode 3.9

rxvt-unicode rxvt-unicode 4.0

rxvt-unicode rxvt-unicode 7.1

rxvt-unicode rxvt-unicode 5.5

rxvt-unicode rxvt-unicode 6.2

rxvt rxvt

multi-aterm multi-aterm 0.0.1

rxvt rxvt 2.6.4

rxvt-unicode rxvt-unicode 5.4

rxvt-unicode rxvt-unicode 7.0

aterm aterm 0.3.3

rxvt-unicode rxvt-unicode 2.8

aterm aterm 0.4.0

rxvt-unicode rxvt-unicode 4.2

multi-aterm multi-aterm

rxvt-unicode rxvt-unicode 2.0

rxvt-unicode rxvt-unicode 8.1

rxvt-unicode rxvt-unicode 5.3

rxvt rxvt 2.7.8

rxvt rxvt 2.6.1

aterm aterm 0.1.0

rxvt-unicode rxvt-unicode 1.0

rxvt-unicode rxvt-unicode 1.91

aterm aterm

rxvt-unicode rxvt-unicode 5.6

rxvt-unicode rxvt-unicode 2.6

eterm eterm

rxvt-unicode rxvt-unicode 7.7

rxvt-unicode rxvt-unicode 3.3

rxvt-unicode rxvt-unicode 7.5

rxvt-unicode rxvt-unicode 2.4

rxvt-unicode rxvt-unicode 8.3

rxvt-unicode rxvt-unicode 7.8

rxvt-unicode rxvt-unicode 4.4

aterm aterm 0.3.6

rxvt rxvt 2.7.6

rxvt-unicode rxvt-unicode 4.3

aterm aterm 0.3.4

aterm aterm 0.1.1

aterm aterm 0.3.0

multi-aterm multi-aterm 0.1

rxvt-unicode rxvt-unicode 1.5

rxvt-unicode rxvt-unicode 8.9

mrxvt mrxvt 0.4.2

rxvt-unicode rxvt-unicode 8.8

rxvt-unicode rxvt-unicode 2.1

rxvt-unicode rxvt-unicode 3.2

rxvt rxvt 2.7.7

multi-aterm multi-aterm 0.0.3

rxvt-unicode rxvt-unicode 2.2

rxvt-unicode rxvt-unicode 4.8

rxvt-unicode rxvt-unicode 1.1

rxvt-unicode rxvt-unicode 6.3

rxvt-unicode rxvt-unicode 4.7

wterm wterm

rxvt-unicode rxvt-unicode 5.8

aterm aterm 0.3.2

mrxvt mrxvt

eterm eterm 0.9.2

rxvt-unicode rxvt-unicode 3.6

wterm wterm 6.2.6

rxvt-unicode rxvt-unicode 5.9

rxvt-unicode rxvt-unicode 3.8

rxvt-unicode rxvt-unicode 8.5

rxvt-unicode rxvt-unicode 8.4

rxvt-unicode rxvt-unicode 1.6

rxvt-unicode rxvt-unicode 4.5

rxvt-unicode rxvt-unicode 3.7

rxvt-unicode rxvt-unicode 4.1

rxvt-unicode rxvt-unicode 8.7

rxvt-unicode rxvt-unicode 6.0

aterm aterm 0.4.1

wterm wterm 6.2.5

multi-aterm multi-aterm 0.0.4

rxvt rxvt 2.6.2

rxvt-unicode rxvt-unicode 7.3

aterm aterm 0.3.5

rxvt-unicode rxvt-unicode 2.7

aterm aterm 0.2.0

rxvt-unicode rxvt-unicode 8.5a

rxvt-unicode rxvt-unicode 5.2

rxvt-unicode rxvt-unicode 6.1

aterm aterm 0.4.2

rxvt-unicode rxvt-unicode 8.6

rxvt rxvt 2.6.3

rxvt-unicode rxvt-unicode 4.9

rxvt-unicode rxvt-unicode 1.7

rxvt-unicode rxvt-unicode 2.9

rxvt-unicode rxvt-unicode 7.4

rxvt-unicode rxvt-unicode 9.0

rxvt-unicode rxvt-unicode 7.9

rxvt-unicode rxvt-unicode 7.6

rxvt-unicode rxvt-unicode 8.2

rxvt-unicode rxvt-unicode 5.7

rxvt-unicode rxvt-unicode 4.6

rxvt-unicode rxvt-unicode 3.5

rxvt-unicode rxvt-unicode 8.0

rxvt-unicode rxvt-unicode 3.0

rxvt-unicode rxvt-unicode 1.4

rxvt-unicode rxvt-unicode 1.9

rxvt-unicode rxvt-unicode 1.2

References

CWE-264http://article.gmane.org/gmane.comp.security.oss.general/122http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=469296http://secunia.com/advisories/29576http://security.gentoo.org/glsa/glsa-200805-03.xmlhttp://secunia.com/advisories/30224http://secunia.com/advisories/30225http://secunia.com/advisories/30226http://secunia.com/advisories/30227http://secunia.com/advisories/30229http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.htmlhttp://www.mandriva.com/security/advisories?name=MDVSA-2008:161http://secunia.com/advisories/31687http://www.securityfocus.com/bid/28512http://www.mandriva.com/security/advisories?name=MDVSA-2008:221https://nvd.nist.gov
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-28995CVE-2024-36680CVE-2024-35537unauthorizedCVE-2024-21518CVE-2024-37673cross-site scriptingSSRFCVE-2024-6241
Vulmon Logo Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook