CVE-2008-0162

misc.c in splitvt 1.6.6 and earlier does not drop group privileges before executing xprop, which allows local users to gain privileges.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.2 UNKNOWN
LOCAL
LOW
AV:L/AC:L/Au:N/C:C/I:C/A:C
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 15%
VendorProductVersion
sam_lantingasplitvt
𝑥
≤ 1.6.6
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
splitvt
bookworm
1.6.6-13
fixed
bullseye
1.6.6-13
fixed
sid
1.6.6-17
fixed
trixie
1.6.6-17
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
splitvt
jaunty
Fixed 1.6.6-4
released
intrepid
Fixed 1.6.6-4
released
hardy
Fixed 1.6.6-4
released
gutsy
ignored
feisty
ignored
edgy
ignored
dapper
Fixed 1.6.5-9etch1build0.6.06.1
released
Common Weakness Enumeration
References
http://secunia.com/advisories/29064
http://secunia.com/advisories/29080
http://secunia.com/advisories/29190
http://security.gentoo.org/glsa/glsa-200803-05.xml
http://www.debian.org/security/2008/dsa-1500
http://www.securityfocus.com/bid/27936
http://secunia.com/advisories/29064
http://secunia.com/advisories/29080
http://secunia.com/advisories/29190
http://security.gentoo.org/glsa/glsa-200803-05.xml
http://www.debian.org/security/2008/dsa-1500
http://www.securityfocus.com/bid/27936