Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 219762 - x11-terms/wterm < 6.2.9-r3 X11 Display Security Issue (CVE-2008-1142)
Summary: x11-terms/wterm < 6.2.9-r3 X11 Display Security Issue (CVE-2008-1142)
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High normal (vote)
Assignee: Gentoo Security
Whiteboard: B2 [glsa]
Depends on:
Reported: 2008-04-29 19:51 UTC by Matt Fleming (RETIRED)
Modified: 2008-05-07 18:59 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Matt Fleming (RETIRED) gentoo-dev 2008-04-29 19:51:40 UTC
wterm is vulnerable to the same X11 Display issue as rxvt,

"The security issue is caused due to the program using ":0" as it's X11 display
if the DISPLAY environment variable is missing. This can be exploited to
execute arbitrary commands with the privileges of the user running rxvt via a
malicious X server."

rxvt bug #217819
Comment 1 Tobias Heinlein (RETIRED) gentoo-dev 2008-05-03 13:44:34 UTC
Patch committed.

Arches, please test and mark stable:
Target keywords : "ppc release sparc x86"
Comment 2 Christian Faulhammer (RETIRED) gentoo-dev 2008-05-03 15:48:27 UTC
x86 stable
Comment 3 Raúl Porcel (RETIRED) gentoo-dev 2008-05-05 13:21:21 UTC
sparc stable
Comment 4 Brent Baude (RETIRED) gentoo-dev 2008-05-05 14:18:49 UTC
ppc stable
Comment 5 Peter Volkov (RETIRED) gentoo-dev 2008-05-05 19:21:54 UTC
Fixed in release snapshot.
Comment 6 Tobias Heinlein (RETIRED) gentoo-dev 2008-05-07 18:59:49 UTC
GLSA 200805-03