ID CVE-2007-2797
Summary xterm, including 192-7.el4 in Red Hat Enterprise Linux and 208-3.1 in Debian GNU/Linux, sets the wrong group ownership of tty devices, which allows local users to write data to other users' terminals.
References
Vulnerable Configurations
  • cpe:2.3:a:xterm:xterm:192-7.el4:*:*:*:*:*:*:*
  • cpe:2.3:a:xterm:xterm:208-3.1:*:*:*:*:*:*:*
CVSS
Base: 2.1 (as of 16-10-2018 - 16:45)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
Vector: LOCAL
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE
assigner via4 cve@mitre.org
cvss-vector via4 AV:L/AC:L/Au:N/C:N/I:P/A:N
non_vulnerable_configuration via4
  • cpe:2.3:o:redhat:enterprise_linux:*:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
oval via4
accepted 2013-04-29T04:05:31.362-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
description xterm, including 192-7.el4 in Red Hat Enterprise Linux and 208-3.1 in Debian GNU/Linux, sets the wrong group ownership of tty devices, which allows local users to write data to other users' terminals.
family unix
id oval:org.mitre.oval:def:10421
status accepted
submitted 2010-07-09T03:56:16-04:00
title xterm, including 192-7.el4 in Red Hat Enterprise Linux and 208-3.1 in Debian GNU/Linux, sets the wrong group ownership of tty devices, which allows local users to write data to other users' terminals.
version 23
redhat via4
advisories
bugzilla
id 239070
title ttings for the tty (mesg: error: tty device is not owned by group `tty')
oval
AND
  • comment Red Hat Enterprise Linux 4 is installed
    oval oval:com.redhat.rhba:tst:20070304001
  • comment xterm is earlier than 0:192-8.el4
    oval oval:com.redhat.rhsa:tst:20070701002
  • comment xterm is signed with Red Hat master key
    oval oval:com.redhat.rhsa:tst:20070701003
rhsa
id RHSA-2007:0701
released 2007-11-15
severity Low
title RHSA-2007:0701: xterm security update (Low)
rpms xterm-0:192-8.el4
refmap via4
bid 26710
bugtraq
  • 20070823 FLEA-2007-0048-1 xterm
  • 20070823 rPSA-2007-0169-1 xterm
confirm
misc http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=349924
secunia
  • 26562
  • 27617
  • 27921
sreason 3066
vulnerable_product via4
    Last major update 16-10-2018 - 16:45
    Published 27-08-2007 - 17:17