Описание
rxvt 2.6.4 opens a terminal window on :0 if the DISPLAY environment variable is not set, which might allow local users to hijack X11 connections. NOTE: it was later reported that rxvt-unicode, mrxvt, aterm, multi-aterm, and wterm are also affected. NOTE: realistic attack scenarios require that the victim enters a command on the wrong machine.
Ссылки
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Patch
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.0.0 (включая)Версия до 0.9.3 (включая)Версия до 0.5.2 (включая)Версия до 0.2 (включая)Версия до 2.7.9 (включая)Версия до 9.01 (включая)Версия до 6.2.8a2 (включая)
Одно из
cpe:2.3:a:aterm:aterm:*:*:*:*:*:*:*:*
cpe:2.3:a:aterm:aterm:0.1.0:*:*:*:*:*:*:*
cpe:2.3:a:aterm:aterm:0.1.1:*:*:*:*:*:*:*
cpe:2.3:a:aterm:aterm:0.2.0:*:*:*:*:*:*:*
cpe:2.3:a:aterm:aterm:0.3.0:*:*:*:*:*:*:*
cpe:2.3:a:aterm:aterm:0.3.1:*:*:*:*:*:*:*
cpe:2.3:a:aterm:aterm:0.3.2:*:*:*:*:*:*:*
cpe:2.3:a:aterm:aterm:0.3.3:*:*:*:*:*:*:*
cpe:2.3:a:aterm:aterm:0.3.4:*:*:*:*:*:*:*
cpe:2.3:a:aterm:aterm:0.3.5:*:*:*:*:*:*:*
cpe:2.3:a:aterm:aterm:0.3.6:*:*:*:*:*:*:*
cpe:2.3:a:aterm:aterm:0.4.0:*:*:*:*:*:*:*
cpe:2.3:a:aterm:aterm:0.4.1:*:*:*:*:*:*:*
cpe:2.3:a:aterm:aterm:0.4.2:*:*:*:*:*:*:*
cpe:2.3:a:aterm:aterm:1.00:beta1:*:*:*:*:*:*
cpe:2.3:a:aterm:aterm:1.00:beta2:*:*:*:*:*:*
cpe:2.3:a:aterm:aterm:1.00:beta3:*:*:*:*:*:*
cpe:2.3:a:aterm:aterm:1.00:beta4:*:*:*:*:*:*
cpe:2.3:a:eterm:eterm:*:*:*:*:*:*:*:*
cpe:2.3:a:eterm:eterm:0.9.2:*:*:*:*:*:*:*
cpe:2.3:a:mrxvt:mrxvt:*:*:*:*:*:*:*:*
cpe:2.3:a:mrxvt:mrxvt:0.4.2:*:*:*:*:*:*:*
cpe:2.3:a:multi-aterm:multi-aterm:*:*:*:*:*:*:*:*
cpe:2.3:a:multi-aterm:multi-aterm:0.0.1:*:*:*:*:*:*:*
cpe:2.3:a:multi-aterm:multi-aterm:0.0.3:*:*:*:*:*:*:*
cpe:2.3:a:multi-aterm:multi-aterm:0.0.4:*:*:*:*:*:*:*
cpe:2.3:a:multi-aterm:multi-aterm:0.0.5:*:*:*:*:*:*:*
cpe:2.3:a:multi-aterm:multi-aterm:0.1:*:*:*:*:*:*:*
cpe:2.3:a:rxvt:rxvt:*:*:*:*:*:*:*:*
cpe:2.3:a:rxvt:rxvt:2.6.1:*:*:*:*:*:*:*
cpe:2.3:a:rxvt:rxvt:2.6.2:*:*:*:*:*:*:*
cpe:2.3:a:rxvt:rxvt:2.6.3:*:*:*:*:*:*:*
cpe:2.3:a:rxvt:rxvt:2.6.4:*:*:*:*:*:*:*
cpe:2.3:a:rxvt:rxvt:2.7.5:*:*:*:*:*:*:*
cpe:2.3:a:rxvt:rxvt:2.7.6:*:*:*:*:*:*:*
cpe:2.3:a:rxvt:rxvt:2.7.7:*:*:*:*:*:*:*
cpe:2.3:a:rxvt:rxvt:2.7.8:*:*:*:*:*:*:*
cpe:2.3:a:rxvt-unicode:rxvt-unicode:*:*:*:*:*:*:*:*
cpe:2.3:a:rxvt-unicode:rxvt-unicode:1.0:*:*:*:*:*:*:*
cpe:2.3:a:rxvt-unicode:rxvt-unicode:1.1:*:*:*:*:*:*:*
cpe:2.3:a:rxvt-unicode:rxvt-unicode:1.2:*:*:*:*:*:*:*
cpe:2.3:a:rxvt-unicode:rxvt-unicode:1.3:*:*:*:*:*:*:*
cpe:2.3:a:rxvt-unicode:rxvt-unicode:1.4:*:*:*:*:*:*:*
cpe:2.3:a:rxvt-unicode:rxvt-unicode:1.5:*:*:*:*:*:*:*
cpe:2.3:a:rxvt-unicode:rxvt-unicode:1.6:*:*:*:*:*:*:*
cpe:2.3:a:rxvt-unicode:rxvt-unicode:1.7:*:*:*:*:*:*:*
cpe:2.3:a:rxvt-unicode:rxvt-unicode:1.8:*:*:*:*:*:*:*
cpe:2.3:a:rxvt-unicode:rxvt-unicode:1.9:*:*:*:*:*:*:*
cpe:2.3:a:rxvt-unicode:rxvt-unicode:1.91:*:*:*:*:*:*:*
cpe:2.3:a:rxvt-unicode:rxvt-unicode:2.0:*:*:*:*:*:*:*
cpe:2.3:a:rxvt-unicode:rxvt-unicode:2.1:*:*:*:*:*:*:*
cpe:2.3:a:rxvt-unicode:rxvt-unicode:2.2:*:*:*:*:*:*:*
cpe:2.3:a:rxvt-unicode:rxvt-unicode:2.3:*:*:*:*:*:*:*
cpe:2.3:a:rxvt-unicode:rxvt-unicode:2.4:*:*:*:*:*:*:*
cpe:2.3:a:rxvt-unicode:rxvt-unicode:2.5:*:*:*:*:*:*:*
cpe:2.3:a:rxvt-unicode:rxvt-unicode:2.6:*:*:*:*:*:*:*
cpe:2.3:a:rxvt-unicode:rxvt-unicode:2.7:*:*:*:*:*:*:*
cpe:2.3:a:rxvt-unicode:rxvt-unicode:2.8:*:*:*:*:*:*:*
cpe:2.3:a:rxvt-unicode:rxvt-unicode:2.9:*:*:*:*:*:*:*
cpe:2.3:a:rxvt-unicode:rxvt-unicode:3.0:*:*:*:*:*:*:*
cpe:2.3:a:rxvt-unicode:rxvt-unicode:3.1:*:*:*:*:*:*:*
cpe:2.3:a:rxvt-unicode:rxvt-unicode:3.2:*:*:*:*:*:*:*
cpe:2.3:a:rxvt-unicode:rxvt-unicode:3.3:*:*:*:*:*:*:*
cpe:2.3:a:rxvt-unicode:rxvt-unicode:3.4:*:*:*:*:*:*:*
cpe:2.3:a:rxvt-unicode:rxvt-unicode:3.5:*:*:*:*:*:*:*
cpe:2.3:a:rxvt-unicode:rxvt-unicode:3.6:*:*:*:*:*:*:*
cpe:2.3:a:rxvt-unicode:rxvt-unicode:3.7:*:*:*:*:*:*:*
cpe:2.3:a:rxvt-unicode:rxvt-unicode:3.8:*:*:*:*:*:*:*
cpe:2.3:a:rxvt-unicode:rxvt-unicode:3.9:*:*:*:*:*:*:*
cpe:2.3:a:rxvt-unicode:rxvt-unicode:4.0:*:*:*:*:*:*:*
cpe:2.3:a:rxvt-unicode:rxvt-unicode:4.1:*:*:*:*:*:*:*
cpe:2.3:a:rxvt-unicode:rxvt-unicode:4.2:*:*:*:*:*:*:*
cpe:2.3:a:rxvt-unicode:rxvt-unicode:4.3:*:*:*:*:*:*:*
cpe:2.3:a:rxvt-unicode:rxvt-unicode:4.4:*:*:*:*:*:*:*
cpe:2.3:a:rxvt-unicode:rxvt-unicode:4.5:*:*:*:*:*:*:*
cpe:2.3:a:rxvt-unicode:rxvt-unicode:4.6:*:*:*:*:*:*:*
cpe:2.3:a:rxvt-unicode:rxvt-unicode:4.7:*:*:*:*:*:*:*
cpe:2.3:a:rxvt-unicode:rxvt-unicode:4.8:*:*:*:*:*:*:*
cpe:2.3:a:rxvt-unicode:rxvt-unicode:4.9:*:*:*:*:*:*:*
cpe:2.3:a:rxvt-unicode:rxvt-unicode:5.0:*:*:*:*:*:*:*
cpe:2.3:a:rxvt-unicode:rxvt-unicode:5.1:*:*:*:*:*:*:*
cpe:2.3:a:rxvt-unicode:rxvt-unicode:5.2:*:*:*:*:*:*:*
cpe:2.3:a:rxvt-unicode:rxvt-unicode:5.3:*:*:*:*:*:*:*
cpe:2.3:a:rxvt-unicode:rxvt-unicode:5.4:*:*:*:*:*:*:*
cpe:2.3:a:rxvt-unicode:rxvt-unicode:5.5:*:*:*:*:*:*:*
cpe:2.3:a:rxvt-unicode:rxvt-unicode:5.6:*:*:*:*:*:*:*
cpe:2.3:a:rxvt-unicode:rxvt-unicode:5.7:*:*:*:*:*:*:*
cpe:2.3:a:rxvt-unicode:rxvt-unicode:5.8:*:*:*:*:*:*:*
cpe:2.3:a:rxvt-unicode:rxvt-unicode:5.9:*:*:*:*:*:*:*
cpe:2.3:a:rxvt-unicode:rxvt-unicode:6.0:*:*:*:*:*:*:*
cpe:2.3:a:rxvt-unicode:rxvt-unicode:6.1:*:*:*:*:*:*:*
cpe:2.3:a:rxvt-unicode:rxvt-unicode:6.2:*:*:*:*:*:*:*
cpe:2.3:a:rxvt-unicode:rxvt-unicode:6.3:*:*:*:*:*:*:*
cpe:2.3:a:rxvt-unicode:rxvt-unicode:7.0:*:*:*:*:*:*:*
cpe:2.3:a:rxvt-unicode:rxvt-unicode:7.1:*:*:*:*:*:*:*
cpe:2.3:a:rxvt-unicode:rxvt-unicode:7.2:*:*:*:*:*:*:*
cpe:2.3:a:rxvt-unicode:rxvt-unicode:7.3:*:*:*:*:*:*:*
cpe:2.3:a:rxvt-unicode:rxvt-unicode:7.4:*:*:*:*:*:*:*
cpe:2.3:a:rxvt-unicode:rxvt-unicode:7.5:*:*:*:*:*:*:*
cpe:2.3:a:rxvt-unicode:rxvt-unicode:7.6:*:*:*:*:*:*:*
cpe:2.3:a:rxvt-unicode:rxvt-unicode:7.7:*:*:*:*:*:*:*
cpe:2.3:a:rxvt-unicode:rxvt-unicode:7.8:*:*:*:*:*:*:*
cpe:2.3:a:rxvt-unicode:rxvt-unicode:7.9:*:*:*:*:*:*:*
cpe:2.3:a:rxvt-unicode:rxvt-unicode:8.0:*:*:*:*:*:*:*
cpe:2.3:a:rxvt-unicode:rxvt-unicode:8.1:*:*:*:*:*:*:*
cpe:2.3:a:rxvt-unicode:rxvt-unicode:8.2:*:*:*:*:*:*:*
cpe:2.3:a:rxvt-unicode:rxvt-unicode:8.3:*:*:*:*:*:*:*
cpe:2.3:a:rxvt-unicode:rxvt-unicode:8.4:*:*:*:*:*:*:*
cpe:2.3:a:rxvt-unicode:rxvt-unicode:8.5:*:*:*:*:*:*:*
cpe:2.3:a:rxvt-unicode:rxvt-unicode:8.5a:*:*:*:*:*:*:*
cpe:2.3:a:rxvt-unicode:rxvt-unicode:8.6:*:*:*:*:*:*:*
cpe:2.3:a:rxvt-unicode:rxvt-unicode:8.7:*:*:*:*:*:*:*
cpe:2.3:a:rxvt-unicode:rxvt-unicode:8.8:*:*:*:*:*:*:*
cpe:2.3:a:rxvt-unicode:rxvt-unicode:8.9:*:*:*:*:*:*:*
cpe:2.3:a:rxvt-unicode:rxvt-unicode:9.0:*:*:*:*:*:*:*
cpe:2.3:a:wterm:wterm:*:*:*:*:*:*:*:*
cpe:2.3:a:wterm:wterm:6.2.5:*:*:*:*:*:*:*
cpe:2.3:a:wterm:wterm:6.2.6:*:*:*:*:*:*:*
EPSS
Процентиль: 20%
0.00064
Низкий
3.7 Low
CVSS2
Дефекты
CWE-264
Связанные уязвимости
ubuntu
больше 17 лет назад
rxvt 2.6.4 opens a terminal window on :0 if the DISPLAY environment variable is not set, which might allow local users to hijack X11 connections. NOTE: it was later reported that rxvt-unicode, mrxvt, aterm, multi-aterm, and wterm are also affected. NOTE: realistic attack scenarios require that the victim enters a command on the wrong machine.
redhat
больше 17 лет назад
rxvt 2.6.4 opens a terminal window on :0 if the DISPLAY environment variable is not set, which might allow local users to hijack X11 connections. NOTE: it was later reported that rxvt-unicode, mrxvt, aterm, multi-aterm, and wterm are also affected. NOTE: realistic attack scenarios require that the victim enters a command on the wrong machine.
debian
больше 17 лет назад
rxvt 2.6.4 opens a terminal window on :0 if the DISPLAY environment va ...
github
больше 3 лет назад
rxvt 2.6.4 opens a terminal window on :0 if the DISPLAY environment variable is not set, which might allow local users to hijack X11 connections. NOTE: it was later reported that rxvt-unicode, mrxvt, aterm, multi-aterm, and wterm are also affected. NOTE: realistic attack scenarios require that the victim enters a command on the wrong machine.
EPSS
Процентиль: 20%
0.00064
Низкий
3.7 Low
CVSS2
Дефекты
CWE-264