CVE-2007-2797 - OpenCVE

xterm, including 192-7.el4 in Red Hat Enterprise Linux and 208-3.1 in Debian GNU/Linux, sets the wrong group ownership of tty devices, which allows local users to write data to other users' terminals.

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:L/AC:L/Au:N/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Redhat	Enterprise Linux
Xterm	Xterm
Debian	Debian Linux

Configuration 1 [-]

AND

cpe:2.3:o:redhat:enterprise_linux:*:*:*:*:*:*:*:*

cpe:2.3:a:xterm:xterm:192-7.el4:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*

cpe:2.3:a:xterm:xterm:208-3.1:*:*:*:*:*:*:*

References

Link	Resource
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=349924
http://secunia.com/advisories/26562	Patch Vendor Advisory
http://secunia.com/advisories/27617
http://secunia.com/advisories/27921
http://securityreason.com/securityalert/3066
http://support.avaya.com/elmodocs2/security/ASA-2007-490.htm
http://www.redhat.com/support/errata/RHSA-2007-0701.html
http://www.securityfocus.com/archive/1/477469/100/0/threaded
http://www.securityfocus.com/archive/1/477632/100/100/threaded
http://www.securityfocus.com/bid/26710
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=239070
https://issues.rpath.com/browse/RPL-1396
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10421

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2007-08-27T17:00:00

Updated: 2018-10-16T14:57:01

Reserved: 2007-05-21T00:00:00

Link: CVE-2007-2797

JSON object: View

NVD Information

Status : Modified

Published: 2007-08-27T17:17:00.000

Modified: 2018-10-16T16:45:26.603

Link: CVE-2007-2797

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-01-25T00:00:00", "descriptions": [{"lang": "en", "value": "xterm, including 192-7.el4 in Red Hat Enterprise Linux and 208-3.1 in Debian GNU/Linux, sets the wrong group ownership of tty devices, which allows local users to write data to other users' terminals."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-16T14:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "27921", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/27921"}, {"name": "20070823 FLEA-2007-0048-1 xterm", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/477632/100/100/threaded"}, {"name": "20070823 rPSA-2007-0169-1 xterm", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/477469/100/0/threaded"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://issues.rpath.com/browse/RPL-1396"}, {"name": "26710", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/26710"}, {"name": "RHSA-2007:0701", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2007-0701.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=239070"}, {"name": "26562", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/26562"}, {"name": "27617", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/27617"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-490.htm"}, {"name": "oval:org.mitre.oval:def:10421", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10421"}, {"tags": ["x_refsource_MISC"], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=349924"}, {"name": "3066", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/3066"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2007-2797", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "xterm, including 192-7.el4 in Red Hat Enterprise Linux and 208-3.1 in Debian GNU/Linux, sets the wrong group ownership of tty devices, which allows local users to write data to other users' terminals."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "27921", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27921"}, {"name": "20070823 FLEA-2007-0048-1 xterm", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/477632/100/100/threaded"}, {"name": "20070823 rPSA-2007-0169-1 xterm", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/477469/100/0/threaded"}, {"name": "https://issues.rpath.com/browse/RPL-1396", "refsource": "CONFIRM", "url": "https://issues.rpath.com/browse/RPL-1396"}, {"name": "26710", "refsource": "BID", "url": "http://www.securityfocus.com/bid/26710"}, {"name": "RHSA-2007:0701", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2007-0701.html"}, {"name": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=239070", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=239070"}, {"name": "26562", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26562"}, {"name": "27617", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27617"}, {"name": "http://support.avaya.com/elmodocs2/security/ASA-2007-490.htm", "refsource": "CONFIRM", "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-490.htm"}, {"name": "oval:org.mitre.oval:def:10421", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10421"}, {"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=349924", "refsource": "MISC", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=349924"}, {"name": "3066", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/3066"}]}}}}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2007-2797", "datePublished": "2007-08-27T17:00:00", "dateReserved": "2007-05-21T00:00:00", "dateUpdated": "2018-10-16T14:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux:*:*:*:*:*:*:*:*", "matchCriteriaId": "4CECD221-9715-4ECD-88E5-3252EFCA784F", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:xterm:xterm:192-7.el4:*:*:*:*:*:*:*", "matchCriteriaId": "3A27E80A-9049-4BFE-9462-D113183BC704", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*", "matchCriteriaId": "4C8919F1-CD33-437E-9627-69352B276BA3", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:xterm:xterm:208-3.1:*:*:*:*:*:*:*", "matchCriteriaId": "2644B4E5-E731-4A38-878C-EA6A37D4CA69", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "xterm, including 192-7.el4 in Red Hat Enterprise Linux and 208-3.1 in Debian GNU/Linux, sets the wrong group ownership of tty devices, which allows local users to write data to other users' terminals."}, {"lang": "es", "value": "xterm, incluido en 192-7.el4 en Red Hat Enterprise Linux y 208-3.1 en Debian GNU/Linux, fija la propiedad incorrecta al grupo de los dispositivos tty, lo cual permite a usuarios locales escribir datos en los terminales de otros usuarios."}], "id": "CVE-2007-2797", "lastModified": "2018-10-16T16:45:26.603", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-08-27T17:17:00.000", "references": [{"source": "secalert@redhat.com", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=349924"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/26562"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/27617"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/27921"}, {"source": "secalert@redhat.com", "url": "http://securityreason.com/securityalert/3066"}, {"source": "secalert@redhat.com", "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-490.htm"}, {"source": "secalert@redhat.com", "url": "http://www.redhat.com/support/errata/RHSA-2007-0701.html"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/archive/1/477469/100/0/threaded"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/archive/1/477632/100/100/threaded"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/26710"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=239070"}, {"source": "secalert@redhat.com", "url": "https://issues.rpath.com/browse/RPL-1396"}, {"source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10421"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}