Bug 219762

Summary: x11-terms/wterm < 6.2.9-r3 X11 Display Security Issue (CVE-2008-1142)
Product: Gentoo Security
Reporter: Matt Fleming (RETIRED) <mjf>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: normal
CC: maintainer-needed
Priority: High
Version: unspecified
Hardware: All
OS: Linux
URL: http://secunia.com/advisories/29576
Whiteboard: B2 [glsa]
Package list:
Runtime testing required: ---

Description Matt Fleming (RETIRED) gentoo-dev 2008-04-29 19:51:40 UTC
wterm is vulnerable to the same X11 Display issue as rxvt:

"The security issue is caused due to the program using ":0" as its X11 display
if the DISPLAY environment variable is missing. This can be exploited to
execute arbitrary commands with the privileges of the user running rxvt via a
malicious X server."

rxvt bug #217819
Comment 1 Tobias Heinlein (RETIRED) gentoo-dev 2008-05-03 13:44:34 UTC
Patch committed.

Arches, please test and mark stable:
=x11-terms/wterm-6.2.9-r3
Target keywords : "ppc release sparc x86"
Comment 2 Christian Faulhammer (RETIRED) gentoo-dev 2008-05-03 15:48:27 UTC
x86 stable
Comment 3 Raúl Porcel (RETIRED) gentoo-dev 2008-05-05 13:21:21 UTC
sparc stable
Comment 4 Brent Baude (RETIRED) gentoo-dev 2008-05-05 14:18:49 UTC
ppc stable
Comment 5 Peter Volkov (RETIRED) gentoo-dev 2008-05-05 19:21:54 UTC
Fixed in release snapshot.
Comment 6 Tobias Heinlein (RETIRED) gentoo-dev 2008-05-07 18:59:49 UTC
GLSA 200805-03