CVE-2008-1845
Published 2008-04-16
Priority: P4 · 25 · high · 7.2 (CVSS 2.0)
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
EPSS: 0.33% (24.9th percentile)
The Korn shell (aka mksh) before R33d on MirOS (aka MirBSD) does not flush the tty's I/O when invoking mksh in a new terminal, which allows local users to gain privileges by opening a virtual terminal and entering command sequences, which might later be executed in opportunistic circumstances by a different user who launches mksh and specifies that terminal with the -T option.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | mksh | < mksh 33.4-1 (bookworm) | mksh 33.4-1 (bookworm) |
| mirbsd | miros | <= 33 | — |
| mirbsd | miros | — | — |
CVSS provenance
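| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 7.2 | HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
| osv | — | 7.2 | HIGH | — |
| vendor_debian | — | 7.2 | LOW | — |
| vendor_redhat | — | 7.2 | HIGH | — |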
GHSA
GHSA-v8fp-2p2f-6r3c: The Korn shell (aka mksh) before R33d on MirOS (aka MirBSD) does not flush the tty's I/O when invoking mksh in a new terminal, which allows local user
ghsa_unreviewed·2022-05-01
OSV
CVE-2008-1845: The Korn shell (aka mksh) before R33d on MirOS (aka MirBSD) does not flush the tty's I/O when invoking mksh in a new terminal, which allows local user
osv·2008-04-16·CVSS 7.2
Red Hat
mksh: privilege escalation via unflushed tty
vendor_redhat·2008-04-16·CVSS 7.2
Debian
CVE-2008-1845: mksh - The Korn shell (aka mksh) before R33d on MirOS (aka MirBSD) does not flush the t...
vendor_debian·2008·CVSS 7.2
Scope: local
bookworm: resolved (fixed in 33.4-1)
bullseye: resolved (fixed in 33.4-1)
forky: resolved (fixed in 33.4-1)
sid: resolved (fixed in 33.4-1)
trixie: resolved (fixed in 33.4-1)
No detection rules found.
No public exploits indexed.
http://secunia.com/advisories/29803
http://www.mirbsd.org/mksh.htm#clog
http://www.osvdb.org/44365
http://www.securityfocus.com/bid/28768
https://exchange.xforce.ibmcloud.com/vulnerabilities/41794
2008-04-16
Published