3.7

CVE-2008-1142

EPSS 0.06%
Published 07.04.2008 17:44:00
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

rxvt 2.6.4 opens a terminal window on :0 if the DISPLAY environment variable is not set, which might allow local users to hijack X11 connections.  NOTE: it was later reported that rxvt-unicode, mrxvt, aterm, multi-aterm, and wterm are also affected.  NOTE: realistic attack scenarios require that the victim enters a command on the wrong machine.

Affected products Warnungen 0 Metrics 2 CWE 0 References 17

Data is provided by the National Vulnerability Database (NVD)

Aterm ≫ Aterm Version <= 1.0.0

Aterm ≫ Aterm Version0.1.0

Aterm ≫ Aterm Version0.1.1

Aterm ≫ Aterm Version0.2.0

Aterm ≫ Aterm Version0.3.0

Aterm ≫ Aterm Version0.3.1

Aterm ≫ Aterm Version0.3.2

Aterm ≫ Aterm Version0.3.3

Aterm ≫ Aterm Version0.3.4

Aterm ≫ Aterm Version0.3.5

Aterm ≫ Aterm Version0.3.6

Aterm ≫ Aterm Version0.4.0

Aterm ≫ Aterm Version0.4.1

Aterm ≫ Aterm Version0.4.2

Aterm ≫ Aterm Version1.00 Updatebeta1

Aterm ≫ Aterm Version1.00 Updatebeta2

Aterm ≫ Aterm Version1.00 Updatebeta3

Aterm ≫ Aterm Version1.00 Updatebeta4

Eterm ≫ Eterm Version <= 0.9.3

Eterm ≫ Eterm Version0.9.2

Mrxvt ≫ Mrxvt Version <= 0.5.2

Mrxvt ≫ Mrxvt Version0.4.2

Multi-aterm ≫ Multi-aterm Version <= 0.2

Multi-aterm ≫ Multi-aterm Version0.0.1

Multi-aterm ≫ Multi-aterm Version0.0.3

Multi-aterm ≫ Multi-aterm Version0.0.4

Multi-aterm ≫ Multi-aterm Version0.0.5

Multi-aterm ≫ Multi-aterm Version0.1

Rxvt ≫ Rxvt Version <= 2.7.9

Rxvt ≫ Rxvt Version2.6.1

Rxvt ≫ Rxvt Version2.6.2

Rxvt ≫ Rxvt Version2.6.3

Rxvt ≫ Rxvt Version2.6.4

Rxvt ≫ Rxvt Version2.7.5

Rxvt ≫ Rxvt Version2.7.6

Rxvt ≫ Rxvt Version2.7.7

Rxvt ≫ Rxvt Version2.7.8

Rxvt-unicode ≫ Rxvt-unicode Version <= 9.01

Rxvt-unicode ≫ Rxvt-unicode Version1.0

Rxvt-unicode ≫ Rxvt-unicode Version1.1

Rxvt-unicode ≫ Rxvt-unicode Version1.2

Rxvt-unicode ≫ Rxvt-unicode Version1.3

Rxvt-unicode ≫ Rxvt-unicode Version1.4

Rxvt-unicode ≫ Rxvt-unicode Version1.5

Rxvt-unicode ≫ Rxvt-unicode Version1.6

Rxvt-unicode ≫ Rxvt-unicode Version1.7

Rxvt-unicode ≫ Rxvt-unicode Version1.8

Rxvt-unicode ≫ Rxvt-unicode Version1.9

Rxvt-unicode ≫ Rxvt-unicode Version1.91

Rxvt-unicode ≫ Rxvt-unicode Version2.0

Rxvt-unicode ≫ Rxvt-unicode Version2.1

Rxvt-unicode ≫ Rxvt-unicode Version2.2

Rxvt-unicode ≫ Rxvt-unicode Version2.3

Rxvt-unicode ≫ Rxvt-unicode Version2.4

Rxvt-unicode ≫ Rxvt-unicode Version2.5

Rxvt-unicode ≫ Rxvt-unicode Version2.6

Rxvt-unicode ≫ Rxvt-unicode Version2.7

Rxvt-unicode ≫ Rxvt-unicode Version2.8

Rxvt-unicode ≫ Rxvt-unicode Version2.9

Rxvt-unicode ≫ Rxvt-unicode Version3.0

Rxvt-unicode ≫ Rxvt-unicode Version3.1

Rxvt-unicode ≫ Rxvt-unicode Version3.2

Rxvt-unicode ≫ Rxvt-unicode Version3.3

Rxvt-unicode ≫ Rxvt-unicode Version3.4

Rxvt-unicode ≫ Rxvt-unicode Version3.5

Rxvt-unicode ≫ Rxvt-unicode Version3.6

Rxvt-unicode ≫ Rxvt-unicode Version3.7

Rxvt-unicode ≫ Rxvt-unicode Version3.8

Rxvt-unicode ≫ Rxvt-unicode Version3.9

Rxvt-unicode ≫ Rxvt-unicode Version4.0

Rxvt-unicode ≫ Rxvt-unicode Version4.1

Rxvt-unicode ≫ Rxvt-unicode Version4.2

Rxvt-unicode ≫ Rxvt-unicode Version4.3

Rxvt-unicode ≫ Rxvt-unicode Version4.4

Rxvt-unicode ≫ Rxvt-unicode Version4.5

Rxvt-unicode ≫ Rxvt-unicode Version4.6

Rxvt-unicode ≫ Rxvt-unicode Version4.7

Rxvt-unicode ≫ Rxvt-unicode Version4.8

Rxvt-unicode ≫ Rxvt-unicode Version4.9

Rxvt-unicode ≫ Rxvt-unicode Version5.0

Rxvt-unicode ≫ Rxvt-unicode Version5.1

Rxvt-unicode ≫ Rxvt-unicode Version5.2

Rxvt-unicode ≫ Rxvt-unicode Version5.3

Rxvt-unicode ≫ Rxvt-unicode Version5.4

Rxvt-unicode ≫ Rxvt-unicode Version5.5

Rxvt-unicode ≫ Rxvt-unicode Version5.6

Rxvt-unicode ≫ Rxvt-unicode Version5.7

Rxvt-unicode ≫ Rxvt-unicode Version5.8

Rxvt-unicode ≫ Rxvt-unicode Version5.9

Rxvt-unicode ≫ Rxvt-unicode Version6.0

Rxvt-unicode ≫ Rxvt-unicode Version6.1

Rxvt-unicode ≫ Rxvt-unicode Version6.2

Rxvt-unicode ≫ Rxvt-unicode Version6.3

Rxvt-unicode ≫ Rxvt-unicode Version7.0

Rxvt-unicode ≫ Rxvt-unicode Version7.1

Rxvt-unicode ≫ Rxvt-unicode Version7.2

Rxvt-unicode ≫ Rxvt-unicode Version7.3

Rxvt-unicode ≫ Rxvt-unicode Version7.4

Rxvt-unicode ≫ Rxvt-unicode Version7.5

Rxvt-unicode ≫ Rxvt-unicode Version7.6

Rxvt-unicode ≫ Rxvt-unicode Version7.7

Rxvt-unicode ≫ Rxvt-unicode Version7.8

Rxvt-unicode ≫ Rxvt-unicode Version7.9

Rxvt-unicode ≫ Rxvt-unicode Version8.0

Rxvt-unicode ≫ Rxvt-unicode Version8.1

Rxvt-unicode ≫ Rxvt-unicode Version8.2

Rxvt-unicode ≫ Rxvt-unicode Version8.3

Rxvt-unicode ≫ Rxvt-unicode Version8.4

Rxvt-unicode ≫ Rxvt-unicode Version8.5

Rxvt-unicode ≫ Rxvt-unicode Version8.5a

Rxvt-unicode ≫ Rxvt-unicode Version8.6

Rxvt-unicode ≫ Rxvt-unicode Version8.7

Rxvt-unicode ≫ Rxvt-unicode Version8.8

Rxvt-unicode ≫ Rxvt-unicode Version8.9

Rxvt-unicode ≫ Rxvt-unicode Version9.0

Wterm ≫ Wterm Version <= 6.2.8a2

Wterm ≫ Wterm Version6.2.5

Wterm ≫ Wterm Version6.2.6

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.06%	0.169

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	3.7	1.9	6.4	AV:L/AC:H/Au:N/C:P/I:P/A:P

http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html

http://secunia.com/advisories/31687

Vendor Advisory

http://article.gmane.org/gmane.comp.security.oss.general/122

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=469296

Vendor Advisory

http://secunia.com/advisories/29576

Vendor Advisory

http://secunia.com/advisories/30224

Vendor Advisory

http://secunia.com/advisories/30225

Vendor Advisory

http://secunia.com/advisories/30226

Vendor Advisory

http://secunia.com/advisories/30227

Vendor Advisory

http://secunia.com/advisories/30229

Vendor Advisory

http://security.gentoo.org/glsa/glsa-200805-03.xml

http://www.mandriva.com/security/advisories?name=MDVSA-2008:161

http://www.mandriva.com/security/advisories?name=MDVSA-2008:221

http://www.securityfocus.com/bid/28512

Patch

https://nvd.nist.gov/vuln/detail/CVE-2008-1142

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2008-1142

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2008-1142

EUVD