Bug#469296: rxvt: [SECURITY] opens terminal on unspecified display

To: submit@bugs.debian.org
Subject: Bug#469296: rxvt: [SECURITY] opens terminal on unspecified display
From: "Bernhard R. Link" <brlink@debian.org>
Date: Tue, 4 Mar 2008 14:30:38 +0100
Message-id: <[🔎] 20080304133038.GA4759@pcpool00.mathematik.uni-freiburg.de>
Reply-to: "Bernhard R. Link" <brlink@debian.org>, 469296@bugs.debian.org

Package: rxvt
Version: 1:2.6.4-12
Severity: grave
Tags: security

If the DISPLAY environment is not set, rxvt opens an xterm on :0,
which on some headless login-server means anyone can setup an
fake X server waiting for someone loggin in without X forwarding
to start rxvt by some mistake or by some program (thus without even
noticing) and getting full shell access to that other account.

Hochachtungsvoll,
	Bernhard R. Link

Reply to:

Prev by Date: Re: [SECURITY] [DSA 1503-1] New Linux kernel 2.4.27 packages fix several issues
Next by Date: Re: [SECURITY] [DSA 1503-1] New Linux kernel 2.4.27 packages fix several issues
Previous by thread: Re: [SECURITY] [DSA 1503-1] New Linux kernel 2.4.27 packages fix several issues
Next by thread: Is oldstable security support duration something to be proud of?
Index(es):
- Date
- Thread