CVE-2006-0126 - rxvt-unicode before 6.3, on certain platforms that use openpty and non-Unix pty devices such as Linu

CVE-2006-0126

Summary

rxvt-unicode before 6.3, on certain platforms that use openpty and non-Unix pty devices such as Linux and most BSD platforms, does not maintain the intended permissions of tty devices, which allows local users to gain read and write access to the devices.

References

http://dist.schmorp.de/rxvt-unicode/Changes
http://secunia.com/advisories/18301
http://www.osvdb.org/22223
http://www.vupen.com/english/advisories/2006/0052

Vulnerable Configurations

cpe:2.3:a:rxvt-unicode:rxvt-unicode:*:*:*:*:*:*:*:*
cpe:2.3:a:rxvt-unicode:rxvt-unicode:*:*:*:*:*:*:*:*

CVSS

Base:	4.6 (as of 08-03-2011 - 02:29)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:L/AC:L/Au:N/C:P/I:P/A:P

refmap via4

confirm	http://dist.schmorp.de/rxvt-unicode/Changes
osvdb	22223
secunia	18301
vupen	ADV-2006-0052

Last major update

08-03-2011 - 02:29

Published

09-01-2006 - 11:03

Last modified

08-03-2011 - 02:29