[Frugalware-security] [ FSA-447 ] eterm

Miklos Vajna vmiklos at frugalware.org
Thu May 15 15:35:06 CEST 2008


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory                           FSA-447

Date: 2008-05-15
Package: eterm
Vulnerable versions: <= 0.9.4-2
Unaffected versions: >= 0.9.4-3kalgan1
Related bugreport: http://bugs.frugalware.org/task/2918
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1692

Description
===========

A security issue has been reported in Eterm, which can be exploited by malicious, local users to gain escalated privileges. Eterm 0.9.4 opens a terminal window on :0 if -display is not specified and the DISPLAY environment variable is not set, which might allow local users to hijack X11 connections. NOTE: realistic attack scenarios require that the victim enters a command on the wrong machine.

Updated Packages
================

Check if you have eterm installed:

	# pacman-g2 -Q eterm

If found, then you should upgrade to the latest version:

	# pacman-g2 -Sy eterm

Availability
============

The latest revision of this advisory is available at
http://frugalware.org/security/447

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iEYEARECAAYFAkgsPAoACgkQZ7NElSD1VhnpZwCfXY9xuKTM5c1klbksYGuPHaAI
XbMAnimux5wa9h+zEj7C4IhLVTw2BPXC
=CGzc
-----END PGP SIGNATURE-----


More information about the Frugalware-security mailing list