CVE-2006-0126 — Rxvt-unicode vulnerability

5 documents5 sources

Severity

4.6MEDIUMNVD

EPSS

0.0%

top 85.80%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Rxvt-unicode Project Rxvt-unicode Debian Rxvt-unicode Rxvt-unicode

Timeline

PublishedJan 9

Latest updateMay 1

Description

rxvt-unicode before 6.3, on certain platforms that use openpty and non-Unix pty devices such as Linux and most BSD platforms, does not maintain the intended permissions of tty devices, which allows local users to gain read and write access to the devices.

CVSS vector

AV:L/AC:L/C:P/I:P/A:PExploitability: 3.9 | Impact: 6.4

Affected Packages3 packages

▶debiandebian/rxvt-unicode< rxvt-unicode 6.3-1 (bookworm)

▶Debianrxvt-unicode_project/rxvt-unicode< 6.3-1+3

▶NVDrxvt-unicode/rxvt-unicode6.2

Patches

Patch: secunia.com ↗Patch: www.osvdb.org ↗Patch: secunia.com ↗

🔴Vulnerability Details

GHSA

GHSA-2j8h-ghpm-93v6: rxvt-unicode before 6↗2022-05-01

▶

OSV

CVE-2006-0126: rxvt-unicode before 6↗2006-01-09

▶

💥Exploits & PoCs

Exploit-DB

Opera 9.10 - '.jpg' Image DHT Marker Heap Corruption↗2007-01-08

▶

📋Vendor Advisories

Debian

CVE-2006-0126: rxvt-unicode - rxvt-unicode before 6.3, on certain platforms that use openpty and non-Unix pty ...↗2006

▶