CVE-2008-1845

EUVD-2008-1845
The Korn shell (aka mksh) before R33d on MirOS (aka MirBSD) does not flush the tty's I/O when invoking mksh in a new terminal, which allows local users to gain privileges by opening a virtual terminal and entering command sequences, which might later be executed in opportunistic circumstances by a different user who launches mksh and specifies that terminal with the -T option.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.2 UNKNOWN
LOCAL
LOW
AV:L/AC:L/Au:N/C:C/I:C/A:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 13%
Affected Products (NVD)
VendorProductVersion
mirbsdmiros
𝑥
≤ 33
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
mksh
bookworm
59c-28+deb12u1
fixed
bullseye
59c-9
fixed
sid
59c-39
fixed
trixie
59c-39
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
mksh
dapper
ignored
feisty
ignored
gutsy
ignored
hardy
ignored
intrepid
not-affected
jaunty
not-affected
karmic
not-affected
lucid
not-affected
maverick
not-affected
natty
not-affected
oneiric
not-affected
References
http://secunia.com/advisories/29803
http://www.mirbsd.org/mksh.htm#clog
http://www.osvdb.org/44365
http://www.securityfocus.com/bid/28768
https://exchange.xforce.ibmcloud.com/vulnerabilities/41794
http://secunia.com/advisories/29803
http://www.mirbsd.org/mksh.htm#clog
http://www.osvdb.org/44365
http://www.securityfocus.com/bid/28768
https://exchange.xforce.ibmcloud.com/vulnerabilities/41794