SecurityReason.com - Our Reason is

Security

Register | Forget Password | Login
SecurityReason
WLB
Services
RSS
Corporate
Note

If you have found a vulnerability, please send to our SecurityAlert Database :
secalert()securityreason()com

Also if you have new ( 0-day ) exploit, please send to our ExploitAlert Archive :
exploit()securityreason()com

Home arrow SecurityAlert Database

Arrow  Topic :

xterm Local User Deterministic Unauthorized Access


Arrow  SecurityAlert : 3066
Arrow  CVE : CVE-2007-2797
Arrow  SecurityRisk : Medium  Security Risk Medium  (About)
Arrow  Remote Exploit : No
Arrow  Local Exploit : Yes
Arrow  Exploit Available : No
Arrow  Credit : rPath Update Announcements
Arrow  Published : 28.08.2007

Arrow  Affected Software : xterm



Arrow  Advisory Content :  

rPath Security Advisory: 2007-0169-1
Published: 2007-08-23
Products: rPath Linux 1
Rating: Major
Exposure Level Classification:
Local User Deterministic Unauthorized Access
Updated Versions:
xterm=/conary.rpath.com@rpl:devel//1/202-5.3-1

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2797
https://issues.rpath.com/browse/RPL-1396

Description:
Previous versions of the xterm package assigned incorrect ownership
and
write permissions to pseudo-terminal devices, permitting local users
to
direct output to other users' xterm sessions.

Due to xterm's extensive internal processing of escape sequences, this
also permits unauthorized modification of xterm session behavior.

Copyright 2007 rPath, Inc.
This file is distributed under the terms of the MIT License.
A copy is available at http://www.rpath.com/permanent/mit-license.html






Arrow  Feedback :

If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com.
Alert

libc:fts_*() Multiple Denial of Service

Security Risk Medium- 2009-10-02

The fts functions are provided for traversing UNIX file hierarchies...

Apache RSS Apache Alert

» Apache 1.3.41 mod_proxy
   Integer overflow (code
   execution)

» Apache Tomcat 6.0.20 and
   5.5.28 unexpected file
   deletion in work
   directory

» Apache Tomcat 6.0.20 and
   5.5.28 insecure partial
   deploy after failed
   undeploy

» Apache Tomcat 6.0.20 and
   5.5.28 unexpected file
   deletion and/or
   alteration

PHP RSS PHP Alert

» PHP 5.2.12/5.3.1 Multiple
   Vulnerabilities

» PHP 5.2.11 libgd multiple
   vulnerabilities

» PHP 5.2.11 tempnam()
   safe_mode bypass

» PHP 5.3.0 5.2.11
   posix_mkfifo()
   open_basedir bypass

Copyright © SecurityReason.com. All Rights Reserved.