CVE-2008-1142
Last modified
CVE-2008-1142 is a vulnerability of currently unknown severity. rxvt 2.6.4 opens a terminal window on :0 if the DISPLAY environment variable is not set, which might allow local users to hijack X11 connections. NOTE: it was later reported that rxvt-unicode, mrxvt, aterm, multi-aterm, and wterm are also affected. EPSS estimates a 0.36% chance of exploitation in the next 30 days.
Description
rxvt 2.6.4 opens a terminal window on :0 if the DISPLAY environment variable is not set, which might allow local users to hijack X11 connections. NOTE: it was later reported that rxvt-unicode, mrxvt, aterm, multi-aterm, and wterm are also affected. NOTE: realistic attack scenarios require that the victim enters a command on the wrong machine.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Aterm | Aterm | <= 1.0.0 | — |
| Aterm | Aterm | 0.1.0 | — |
| Aterm | Aterm | 0.1.1 | — |
| Aterm | Aterm | 0.2.0 | — |
| Aterm | Aterm | 0.3.0 | — |
| Aterm | Aterm | 0.3.1 | — |
| Aterm | Aterm | 0.3.2 | — |
| Aterm | Aterm | 0.3.3 | — |
| Aterm | Aterm | 0.3.4 | — |
| Aterm | Aterm | 0.3.5 | — |
| Aterm | Aterm | 0.3.6 | — |
| Aterm | Aterm | 0.4.0 | — |
| Aterm | Aterm | 0.4.1 | — |
| Aterm | Aterm | 0.4.2 | — |
| Aterm | Aterm | 1.00 | Beta1 |
| Eterm | Eterm | <= 0.9.3 | — |
| Eterm | Eterm | 0.9.2 | — |
| Mrxvt | Mrxvt | <= 0.5.2 | — |
| Mrxvt | Mrxvt | 0.4.2 | — |
| Multi-Aterm | Multi-Aterm | <= 0.2 | — |
| Multi-Aterm | Multi-Aterm | 0.0.1 | — |
| Multi-Aterm | Multi-Aterm | 0.0.3 | — |
| Multi-Aterm | Multi-Aterm | 0.0.4 | — |
| Multi-Aterm | Multi-Aterm | 0.0.5 | — |
| Multi-Aterm | Multi-Aterm | 0.1 | — |
| Rxvt | Rxvt | <= 2.7.9 | — |
| Rxvt | Rxvt | 2.6.1 | — |
| Rxvt | Rxvt | 2.6.2 | — |
| Rxvt | Rxvt | 2.6.3 | — |
| Rxvt | Rxvt | 2.6.4 | — |
| Rxvt | Rxvt | 2.7.5 | — |
| Rxvt | Rxvt | 2.7.6 | — |
| Rxvt | Rxvt | 2.7.7 | — |
| Rxvt | Rxvt | 2.7.8 | — |
| Rxvt-Unicode | Rxvt-Unicode | <= 9.01 | — |
| Rxvt-Unicode | Rxvt-Unicode | 1.0 | — |
| Rxvt-Unicode | Rxvt-Unicode | 1.1 | — |
| Rxvt-Unicode | Rxvt-Unicode | 1.2 | — |
| Rxvt-Unicode | Rxvt-Unicode | 1.3 | — |
| Rxvt-Unicode | Rxvt-Unicode | 1.4 | — |
| Rxvt-Unicode | Rxvt-Unicode | 1.5 | — |
| Rxvt-Unicode | Rxvt-Unicode | 1.6 | — |
| Rxvt-Unicode | Rxvt-Unicode | 1.7 | — |
| Rxvt-Unicode | Rxvt-Unicode | 1.8 | — |
| Rxvt-Unicode | Rxvt-Unicode | 1.9 | — |
| Rxvt-Unicode | Rxvt-Unicode | 1.91 | — |
| Rxvt-Unicode | Rxvt-Unicode | 2.0 | — |
| Rxvt-Unicode | Rxvt-Unicode | 2.1 | — |
| Rxvt-Unicode | Rxvt-Unicode | 2.2 | — |
| Rxvt-Unicode | Rxvt-Unicode | 2.3 | — |
Showing 50 of 115 affected configurations. See NVD for the full list.
References
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=469296 (Vendor Advisory)
- http://secunia.com/advisories/29576 (Vendor Advisory)
- http://secunia.com/advisories/30224 (Vendor Advisory)
- http://secunia.com/advisories/30225 (Vendor Advisory)
- http://secunia.com/advisories/30226 (Vendor Advisory)
- http://secunia.com/advisories/30227 (Vendor Advisory)
- http://secunia.com/advisories/30229 (Vendor Advisory)
- http://secunia.com/advisories/31687 (Vendor Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
