CVE-2010-4176

plymouth-pretrigger.sh in dracut and udev, when running on Fedora 13 and 14, sets weak permissions for the /dev/systty device file, which allows remote authenticated users to read terminal data from tty0 for local users.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:S/C:P/I:N/A:N
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 37%
VendorProductVersion
dracut_projectdracut
-
udev_projectudev
-
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
dracut
bullseye
051-1
fixed
bookworm
059-4
fixed
sid
103-2
fixed
trixie
103-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
dracut
maverick
not-affected
lucid
dne
karmic
dne
hardy
dne
dapper
dne
Common Weakness Enumeration
References
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051755.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051418.html
http://secunia.com/advisories/42342
http://secunia.com/advisories/42451
http://www.securityfocus.com/bid/45046
http://www.vupen.com/english/advisories/2010/3062
http://www.vupen.com/english/advisories/2010/3110
https://bugzilla.redhat.com/show_bug.cgi?id=654489
https://bugzilla.redhat.com/show_bug.cgi?id=654935
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051755.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051418.html
http://secunia.com/advisories/42342
http://secunia.com/advisories/42451
http://www.securityfocus.com/bid/45046
http://www.vupen.com/english/advisories/2010/3062
http://www.vupen.com/english/advisories/2010/3110
https://bugzilla.redhat.com/show_bug.cgi?id=654489
https://bugzilla.redhat.com/show_bug.cgi?id=654935