| Package: | eterm |
| Date: | 2008-05-15 |
| Vulnerable version: | 0.9.4-2 |
| Unaffected version: | 0.9.4-3kalgan1 |
| Bug tracker entry: | http://bugs.frugalware.org/task/2918 |
| CVEs: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1692 |
| Description: | A security issue has been reported in Eterm, which can be exploited by malicious, local users to gain escalated privileges. Eterm 0.9.4 opens a terminal window on :0 if -display is not specified and the DISPLAY environment variable is not set, which might allow local users to hijack X11 connections. NOTE: realistic attack scenarios require that the victim enters a command on the wrong machine. |
