tty software vulnerabilities
vulnerabilities.aspcode.net
Searching tty software vulnerabilities
screen and rxvt in Red Hat Linux 6.0 do not properly set the modes of tty devices, which allows local users to write to other ttys.
Red Hat Linux 6.0 installs the /dev/pts file system with insecure modes, which allows local users to write to other tty devices.
pt_chmod in Solaris 8 does not call fdetach to reset terminal privileges when users log out of terminals, which allows local users to write to other users' terminals by modifying the ACL of a TTY.
Buffer overflow in Century Software TERM allows local users to gain root privileges via a long tty argument to the callin program.
Directory traversal vulnerability in xtell (xtelld) 1.91.1 and earlier, and 2.x before 2.7, allows remote attackers to read files with short names, and local users to read more files using a symlink with a short name, via a .. in the TTY argument.
/proc/tty/driver/serial in Linux 2.4.x reveals the exact number of characters used in serial links, which could allow local users to obtain potentially sensitive information such as the length of passwords.
Race condition in the setsid function in Linux before 2.6.8.1 allows local users to cause a denial of service (crash) and possibly access portions of kernel memory, related to TTY changes, locking, and semaphores.
init_dev in tty_io.c in the Red Hat backport of NPTL to Red Hat Enterprise Linux 3 does not properly clear controlling tty's in multi-threaded applications, which allows local users to cause a denial of service (crash) and possibly gain tty access via unknown attack vectors that trigger an access of a pointer to a freed structure.
The daemon for fallback-reboot before 0.995 allows attackers to cause a denial of service (daemon exit), possibly related to verbose debug messages when the daemon is not on a tty.
Linux kernel 2.6 before 2.6.11 does not restrict access to the N_MOUSE line discipline for a TTY, which allows local users to gain privileges by injecting mouse or keyboard events into other user sessions.
Mac OS X 10.3.x and earlier uses insecure permissions for a pseudo terminal tty (pty) that is managed by a non-setuid program, which allows local users to read or modify sessions of other users.
rxvt-unicode before 6.3, on certain platforms that use openpty and non-Unix pty devices such as Linux and most BSD platforms, does not maintain the intended permissions of tty devices, which allows local users to gain read and write access to the devices.
The Debian GNU/Linux 033_-F_NO_SETSID patch for the Apache HTTP Server 1.3.34-4 does not properly disassociate httpd from a controlling tty when httpd is started interactively, which allows local users to gain privileges to that tty via a CGI program that calls the TIOCSTI ioctl.
Plash permits sandboxed processes to open /dev/tty, which allows local users to escape sandbox restrictions and execute arbitrary commands by sending characters to a shell process on the same terminal via the TIOCSTI ioctl.
The BMP image parser in Sun Java Development Kit (JDK) before 1.5.0_11-b03, and 1.6.x before 1.6.0_01-b06, on Unix/Linux systems, allows remote attackers to trigger the opening of arbitrary local files via a crafted BMP file, which causes a denial of service (system hang) in certain cases such as /dev/tty, and has other unspecified impact.
xterm, including 192-7.el4 in Red Hat Enterprise Linux and 208-3.1 in Debian GNU/Linux, sets the wrong group ownership of tty devices, which allows local users to write data to other users' terminals.
Software vulnerabilities results 1 to 17 of 17