CVE-2010-4176

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 07-12-2010 11:00

Last modified: - 03-06-2022 05:09

Total changes: - 2

Description

plymouth-pretrigger.sh in dracut and udev, when running on Fedora 13 and 14, sets weak permissions for the /dev/systty device file, which allows remote authenticated users to read terminal data from tty0 for local users.

Common Vulnerability Scoring System (CVSS)

AV:N/AC:L/Au:S/C:P/I:N/A:N

Low

Attack complexity

Network

Attack vector

None

Availability

Low

Confidentiality

None

Integrity

Privileges required

Scope

User interaction

4.0

Base score

8.0

2.9

Exploitability score

Impact score

Verification logic

AND

vendor=udev_project AND product=udev AND version=-

vendor=dracut_project AND product=dracut AND version=-

vendor=fedoraproject AND product=fedora AND version=13

vendor=fedoraproject AND product=fedora AND version=14

Reference

42342-Not Applicable
FEDORA-2010-17930-Mailing List, Third Party Advisory
ADV-2010-3062-Permissions Required
45046-Third Party Advisory, VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=654489
https://bugzilla.redhat.com/show_bug.cgi?id=654935
ADV-2010-3110-Permissions Required
42451-Not Applicable
FEDORA-2010-17912-Mailing List, Third Party Advisory

Keywords

CVE-2010-4176

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2010-4176

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures