CVE-2008-1142 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2008-1142 Interim 1 14 2023-12-09T02:10:45Z current 2021-05-30T12:41:55Z 2023-12-09T02:10:45Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2008-1142 rxvt 2.6.4 opens a terminal window on :0 if the DISPLAY environment variable is not set, which might allow local users to hijack X11 connections. NOTE: it was later reported that rxvt-unicode, mrxvt, aterm, multi-aterm, and wterm are also affected. NOTE: realistic attack scenarios require that the victim enters a command on the wrong machine. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/KUUXE6IWBPGX77THPJH4GX6TYOFU2EQR/#KUUXE6IWBPGX77THPJH4GX6TYOFU2EQR E-Mail link for SUSE-SR:2008:017 https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/YIRRHCE53YNBLDGNULGNED3XGUMUZDMO/ E-Mail link for openSUSE-SU-2022:10222-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Linux Enterprise Software Development Kit 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 SUSE Package Hub 15 SP3 SUSE Package Hub 15 SP4 openSUSE Leap 15.0 openSUSE Leap 15.3 openSUSE Leap 15.4 openSUSE Tumbleweed rxvt-unicode-9.05-1.19.1 rxvt-unicode-9.22-1.1 rxvt-unicode-9.22-lp150.2.1 rxvt-unicode-9.26-bp153.2.3.1 rxvt-unicode-9.26-bp154.2.3.1 rxvt-unicode-9.05-1.19.1 as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 rxvt-unicode-9.26-bp153.2.3.1 as a component of SUSE Package Hub 15 SP3 rxvt-unicode-9.26-bp154.2.3.1 as a component of SUSE Package Hub 15 SP4 rxvt-unicode-9.22-lp150.2.1 as a component of openSUSE Leap 15.0 rxvt-unicode-9.26-bp153.2.3.1 as a component of openSUSE Leap 15.3 rxvt-unicode-9.26-bp154.2.3.1 as a component of openSUSE Leap 15.4 rxvt-unicode-9.22-1.1 as a component of openSUSE Tumbleweed rxvt 2.6.4 opens a terminal window on :0 if the DISPLAY environment variable is not set, which might allow local users to hijack X11 connections. NOTE: it was later reported that rxvt-unicode, mrxvt, aterm, multi-aterm, and wterm are also affected. NOTE: realistic attack scenarios require that the victim enters a command on the wrong machine. CVE-2008-1142 SUSE Linux Enterprise Software Development Kit 11 SP4:rxvt-unicode-9.05-1.19.1 SUSE Package Hub 15 SP3:rxvt-unicode-9.26-bp153.2.3.1 SUSE Package Hub 15 SP4:rxvt-unicode-9.26-bp154.2.3.1 openSUSE Leap 15.0:rxvt-unicode-9.22-lp150.2.1 openSUSE Leap 15.3:rxvt-unicode-9.26-bp153.2.3.1 openSUSE Leap 15.4:rxvt-unicode-9.26-bp154.2.3.1 openSUSE Tumbleweed:rxvt-unicode-9.22-1.1 moderate 3.7 AV:L/AC:H/Au:N/C:P/I:P/A:P