CVE-2008-1692
EPSS 0.04%
Description
Eterm 0.9.4 opens a terminal window on :0 if -display is not specified and the DISPLAY environment variable is not set, which might allow local users to hijack X11 connections. NOTE: realistic attack scenarios require that the victim enters a command on the wrong machine.
How to fix CVE-2008-1692
To remediate CVE-2008-1692, upgrade the affected package to the fixed version listed below.
- Debian/eterm—upgrade to 0.9.4.0debian1-2.1 or later
Is CVE-2008-1692 being exploited?
Low — EPSS is 0.0%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- Debian/eterm: from 0, < 0.9.4.0debian1-2.1