Date: Wed, 05 Mar 2008 09:42:59 +0100
From: Matthieu Herrb <matthieu.herrb@...s.fr>
To: oss-security@...ts.openwall.com
Subject: Re: request CVE id: insecure handling of DISPLAY in rxvt
Nico Golde wrote:
> Hi all,
> Steve, can I get a CVE id for the following issue in rxvt?
>
> "If the DISPLAY environment is not set, rxvt opens an xterm
> on :0, which on some headless login-server means anyone can set up
> a fake X server waiting for someone logging in without X
> forwarding to start rxvt by some mistake or by some program (thus
> without even noticing) and getting full shell access to that other
> account."
>
> This is Debian bug 469296[0].
>
> It should be a good idea to check other terminal emulators
> as well.
>
> [0] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=469296
>
I don't understand how that's an issue with rxvt. If you "fix" the
terminal emulator not to do that, you can still run rxvt -display :0 or env
DISPLAY=:0 rxvt.
But then I also don't understand what you mean by "set up a fake X
server waiting for someone logging in..."
Could you describe the attack scenario in a bit more detail?
--
Matthieu Herrb