oss-sec mailing list archives
Re: request CVE id: insecure handling of DISPLAY in rxvt
From: Matthieu Herrb <matthieu.herrb () laas fr>
Date: Wed, 05 Mar 2008 09:42:59 +0100
Nico Golde wrote:
> Hi all,
>
> Steve, can I get a CVE id for the following issue in rxvt?
>
> "If the DISPLAY environment is not set, rxvt opens an xterm on :0, which on some headless login-server means anyone can set up a fake X server waiting for someone logging in without X forwarding to start rxvt by some mistake or by some program (thus without even noticing) and getting full shell access to that other account."
>
> This is Debian bug 469296 [0].
>
> It should be a good idea to check other terminal emulators as well.
>
> [0] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=469296
I don't understand how that's an issue with rxvt. If you "fix" the terminal emulator not to do that, you can still run rxvt -display :0 or env DISPLAY=:0 rxvt.

But then I also don't understand what you mean by "set up a fake X server waiting for someone logging in..."

Could you describe the attack scenario in a bit more detail?

--
Matthieu Herrb
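As an added example, not code from this thread or from rxvt: a POSIX sh check that a login-host administrator could put in a terminal-launcher wrapper so that an unset DISPLAY fails closed instead of silently falling back to :0, and so that a local display is only used when its socket is owned by root or the invoking user. The socket path /tmp/.X11-unix/X<n> and the "root or self" ownership rule are assumptions about the site, not something the thread states.

```shell
#!/bin/sh
# check_display DISPLAY-VALUE
#   returns 0 if the display is acceptable, 1 otherwise.
# Policy (assumed for this example):
#   - empty/unset DISPLAY: refuse; never default to :0 on a shared host
#   - "host:N" (forwarded or remote display): accepted, out of scope here
#   - ":N" or ":N.S" (local display): the unix socket must exist and be
#     owned by root or by the calling user, so a socket created by some
#     other account is rejected
check_display() {
    disp="$1"
    case "$disp" in
        "") return 1 ;;
        :*) ;;
        *) return 0 ;;
    esac
    n=${disp#:}
    n=${n%%.*}
    sock="/tmp/.X11-unix/X$n"        # assumed socket location
    [ -S "$sock" ] || return 1
    # GNU stat first, then BSD stat
    owner=$(stat -c %u "$sock" 2>/dev/null || stat -f %u "$sock" 2>/dev/null) || return 1
    [ "$owner" = 0 ] || [ "$owner" = "$(id -u)" ]
}

# Wrapper usage: refuse to launch rather than inherit a :0 fallback.
launch_terminal() {
    if check_display "${DISPLAY-}"; then
        exec rxvt "$@"
    else
        echo "refusing to start: DISPLAY unset or untrusted (${DISPLAY-unset})" >&2
        return 1
    fi
}
```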