Mandriva Update For Rxvt MDVSA-2008:161 (rxvt) Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

A vulnerability in rxvt allowed it to open a terminal on :0 if the environment variable was not set, which could be used by a local user to hijack X11 connections (CVE-2008-1142). The updated packages have been patched to correct this issue.

Affected

rxvt on Mandriva Linux 2007.1, Mandriva Linux 2007.1/X86_64, Mandriva Linux 2008.0, Mandriva Linux 2008.0/X86_64, Mandriva Linux 2008.1, Mandriva Linux 2008.1/X86_64

Severity

Classification

CVE CVE-2008-1142

CVSS	Base Score: 3.7 AV:L/AC:H/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Mandriva Update for postfix MDVSA-2008:190 (postfix)
Mandrake Security Advisory MDVSA-2009:066 (php)
Mandriva Update for vixie-cron MDKSA-2007:234 (vixie-cron)
Mandriva Update for gv MDVSA-2010:159 (gv)
Mandriva Update for avahi MDKSA-2007:185 (avahi)

Mandriva Update for rxvt MDVSA-2008:161 (rxvt)

Take action and discover your vulnerabilities