plymouth-pretrigger.sh in dracut and udev, when running on Fedora 13 and 14, sets weak permissions for the /dev/systty device file, which allows remote authenticated users to read terminal data from tty0 for local users.
References
Link | Resource |
---|---|
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051755.html | Mailing List Third Party Advisory |
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051418.html | Mailing List Third Party Advisory |
http://secunia.com/advisories/42342 | Not Applicable |
http://secunia.com/advisories/42451 | Not Applicable |
http://www.securityfocus.com/bid/45046 | Third Party Advisory VDB Entry |
http://www.vupen.com/english/advisories/2010/3062 | Permissions Required |
http://www.vupen.com/english/advisories/2010/3110 | Permissions Required |
https://bugzilla.redhat.com/show_bug.cgi?id=654489 | Issue Tracking Third Party Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=654935 | Issue Tracking Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2010-12-07T21:00:00
Updated: 2011-03-11T10:00:00
Reserved: 2010-11-04T00:00:00
Link: CVE-2010-4176
JSON object: View
NVD Information
Status : Analyzed
Published: 2010-12-07T22:00:02.577
Modified: 2022-06-03T15:09:18.333
Link: CVE-2010-4176
JSON object: View
Redhat Information
No data.
CWE