CVE-2008-1692

EUVD-2008-1693
Eterm 0.9.4 opens a terminal window on :0 if -display is not specified and the DISPLAY environment variable is not set, which might allow local users to hijack X11 connections.  NOTE: realistic attack scenarios require that the victim enters a command on the wrong machine.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.9 UNKNOWN
LOCAL
MEDIUM
AV:L/AC:M/Au:N/C:C/I:C/A:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 13%
Affected Products (NVD)
VendorProductVersion
etermeterm
0.9.4
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
eterm
bookworm
0.9.6-7
fixed
bullseye
0.9.6-6.1
fixed
sid
0.9.6-7.2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
eterm
dapper
ignored
edgy
ignored
feisty
ignored
gutsy
ignored
hardy
ignored
intrepid
not-affected
jaunty
not-affected
karmic
not-affected
lucid
not-affected
maverick
not-affected
natty
not-affected
oneiric
not-affected
Common Weakness Enumeration
References
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=473127
http://secunia.com/advisories/29577
http://security.gentoo.org/glsa/glsa-200805-03.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2008:222
http://www.securityfocus.com/bid/28512
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=473127
http://secunia.com/advisories/29577
http://security.gentoo.org/glsa/glsa-200805-03.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2008:222
http://www.securityfocus.com/bid/28512