4
CVE-2010-4176
- EPSS 2.32%
- Veröffentlicht 07.12.2010 22:00:02
- Zuletzt bearbeitet 16.06.2026 23:24:17
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
plymouth-pretrigger.sh in dracut and udev, when running on Fedora 13 and 14, sets weak permissions for the /dev/systty device file, which allows remote authenticated users to read terminal data from tty0 for local users.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Dracut Project ≫ Dracut Version-
Udev Project ≫ Udev Version-
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.32% | 0.813 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4 | 8 | 2.9 |
AV:N/AC:L/Au:S/C:P/I:N/A:N
|
CWE-276 Incorrect Default Permissions
During installation, installed file permissions are set to allow anyone to modify those files.
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051755.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051418.html
http://secunia.com/advisories/42342
http://secunia.com/advisories/42451
http://www.securityfocus.com/bid/45046
http://www.vupen.com/english/advisories/2010/3062
http://www.vupen.com/english/advisories/2010/3110
https://bugzilla.redhat.com/show_bug.cgi?id=654489
https://bugzilla.redhat.com/show_bug.cgi?id=654935