218241 – app-shells/mksh <33d privilege escalation (CVE-2008-1845)

Bug 218241 - app-shells/mksh <33d privilege escalation (CVE-2008-1845)

Summary: app-shells/mksh <33d privilege escalation (CVE-2008-1845)

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	High trivial (vote)
Assignee:	Gentoo Security

URL:
Whiteboard:	~1? [noglsa]
Keywords:

Depends on:
Blocks:

Reported:	2008-04-18 09:40 UTC by Matthias Geerdsen (RETIRED)
Modified:	2008-04-18 13:49 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Matthias Geerdsen (RETIRED) gentoo-dev

2008-04-18 09:40:25 UTC

CVE-2008-1845 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1845):
  The Korn shell (aka mksh) before R33d on MirOS (aka MirBSD) does not flush
  the tty's I/O when invoking mksh in a new terminal, which allows local users
  to gain privileges by opening a virtual terminal and entering command
  sequences, which might later be executed in opportunistic circumstances by a
  different user who launches mksh and specifies that terminal with the -T
  option.

Comment 1 Hanno Böck gentoo-dev

2008-04-18 12:50:57 UTC

Bumped, as there's no stable keyworded version, no glsa needed, so everything should be done.