Aterm, Eterm, Mrxvt, multi-aterm, RXVT, rxvt-unicode, and wterm are X11 terminal emulators.
Bernhard R. Link discovered that RXVT opens its terminal on the X display :0 if the "-display" option is not specified and the DISPLAY environment variable is not set. Further research by the Gentoo Security Team has shown that aterm, Eterm, Mrxvt, multi-aterm, rxvt-unicode, and wterm are also affected.
A local attacker could exploit this vulnerability to hijack X11 terminals of other users.
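The display-selection logic described above, next to a stricter form, as an added example that is not code from any of the affected projects or their patches. The function names are hypothetical, and treating an empty "-display" or DISPLAY value as unset is an assumption of this sketch.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helpers, not taken from any affected terminal.
 * opt: value given to "-display", or NULL if the option was absent.
 * env: value of the DISPLAY environment variable, or NULL if unset. */

/* Flawed pattern: silently fall back to ":0" when nothing was specified. */
const char *resolve_display_fallback(const char *opt, const char *env)
{
    if (opt != NULL)
        return opt;
    if (env != NULL)
        return env;
    return ":0"; /* implicit default: the window lands on someone's :0 */
}

/* Stricter pattern: no implicit default; NULL tells the caller to exit.
 * Empty strings count as "not specified" (assumption of this example). */
const char *resolve_display_strict(const char *opt, const char *env)
{
    if (opt != NULL && opt[0] != '\0')
        return opt;
    if (env != NULL && env[0] != '\0')
        return env;
    return NULL;
}

int main(int argc, char **argv)
{
    const char *opt = NULL;
    for (int i = 1; i + 1 < argc; i++)
        if (strcmp(argv[i], "-display") == 0)
            opt = argv[i + 1];

    const char *name = resolve_display_strict(opt, getenv("DISPLAY"));
    if (name == NULL) {
        fprintf(stderr, "no display: pass -display or set DISPLAY\n");
        return EXIT_FAILURE;
    }
    printf("would connect to display %s\n", name);
    return EXIT_SUCCESS;
}
```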
There is no known workaround at this time.
All aterm users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=x11-terms/aterm-1.0.1-r1"
All Eterm users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=x11-terms/eterm-0.9.4-r1"
All Mrxvt users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=x11-terms/mrxvt-0.5.3-r2"
All multi-aterm users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=x11-terms/multi-aterm-0.2.1-r1"
All RXVT users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=x11-terms/rxvt-2.7.10-r4"
All rxvt-unicode users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=x11-terms/rxvt-unicode-9.02-r1"
All wterm users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=x11-terms/wterm-6.2.9-r3"