CVE-2010-4176 — Incorrect Default Permissions in Dracut

CWE-276 — Incorrect Default Permissions6 documents5 sources

Severity

4.0MEDIUMNVD

EPSS

0.2%

top 63.98%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Dracut

Timeline

PublishedDec 7

Latest updateMay 17

Description

plymouth-pretrigger.sh in dracut and udev, when running on Fedora 13 and 14, sets weak permissions for the /dev/systty device file, which allows remote authenticated users to read terminal data from tty0 for local users.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 8.0 | Impact: 2.9

Affected Packages1 packages

▶debiandebian/dracut

🔴Vulnerability Details

GHSA

GHSA-xg2p-fxvr-rv48: plymouth-pretrigger↗2022-05-17

▶

📋Vendor Advisories

Red Hat

dracut: /dev/systty permissions could allow remote users to snoop on local users↗2010-11-19

▶

Debian

CVE-2010-4176: dracut - plymouth-pretrigger.sh in dracut and udev, when running on Fedora 13 and 14, set...↗2010

▶

💬Community

Bugzilla

CVE-2010-4176 dracut: /dev/systty permissions could allow remote users to snoop on local users [fedora-all]↗2010-11-19

▶

Bugzilla

CVE-2010-4176 dracut: /dev/systty permissions could allow remote users to snoop on local users↗2010-11-18

▶