[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#469296: rxvt: [SECURITY] opens terminal on unspecified display

Package: rxvt
Version: 1:2.6.4-12
Severity: grave
Tags: security

If the DISPLAY environment is not set, rxvt opens an xterm on :0,
which on some headless login-server means anyone can setup an
fake X server waiting for someone loggin in without X forwarding
to start rxvt by some mistake or by some program (thus without even
noticing) and getting full shell access to that other account.

	Bernhard R. Link

Reply to: