rxvt
Page content
- Vulnerable: 2.6.4-2
- Unaffected: 2.7.10-1kalgan1
Bernhard R. Link has reported a security issue in rxvt, which can be exploited by malicious, local users to gain escalated privileges. The security issue is caused due to the program using “:0” as it’s X11 display if the DISPLAY environment variable is missing. This can be exploited to execute arbitrary commands with the privileges of the user running rxvt via a malicious X server.
- Bug Tracker URL: http://bugs.frugalware.org/task/2925