CVE-2008-1692 — Eterm vulnerability

CWE-2646 documents6 sources

Severity

6.9MEDIUMNVD

EPSS

0.0%

top 86.22%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Eterm Debian Eterm

Timeline

PublishedApr 7

Latest updateMay 1

Description

Eterm 0.9.4 opens a terminal window on :0 if -display is not specified and the DISPLAY environment variable is not set, which might allow local users to hijack X11 connections. NOTE: realistic attack scenarios require that the victim enters a command on the wrong machine.

CVSS vector

AV:L/AC:M/C:C/I:C/A:CExploitability: 3.4 | Impact: 10.0

Affected Packages3 packages

▶debiandebian/eterm< eterm 0.9.4.0debian1-2.1 (bookworm)

▶Debianeterm/eterm< 0.9.4.0debian1-2.1+2

▶NVDeterm/eterm0.9.4

🔴Vulnerability Details

GHSA

GHSA-gg62-cc3q-cr2x: Eterm 0↗2022-05-01

▶

OSV

CVE-2008-1692: Eterm 0↗2008-04-07

▶

📋Vendor Advisories

Red Hat

eterm: unsafe defaulting to using :0 when DISPLAY is unset↗2008-03-27

▶

Debian

CVE-2008-1692: eterm - Eterm 0.9.4 opens a terminal window on :0 if -display is not specified and the D...↗2008

▶

💬Community

Bugzilla

CVE-2008-1692 eterm: unsafe defaulting to using :0 when DISPLAY is unset↗2008-04-08

▶