Vulnerability Details CVE-2007-2797
xterm, including 192-7.el4 in Red Hat Enterprise Linux and 208-3.1 in Debian GNU/Linux, sets the wrong group ownership of tty devices, which allows local users to write data to other users' terminals.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 24.8%
CVSS Severity
CVSS v2 Score 2.1
References
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=349924
- http://secunia.com/advisories/26562
- http://secunia.com/advisories/27617
- http://secunia.com/advisories/27921
- http://securityreason.com/securityalert/3066
- http://support.avaya.com/elmodocs2/security/ASA-2007-490.htm
- http://www.redhat.com/support/errata/RHSA-2007-0701.html
- http://www.securityfocus.com/archive/1/477469/100/0/threaded
- http://www.securityfocus.com/archive/1/477632/100/100/threaded
- http://www.securityfocus.com/bid/26710
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=239070
- https://issues.rpath.com/browse/RPL-1396
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10421
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=349924
- http://secunia.com/advisories/26562
- http://secunia.com/advisories/27617
- http://secunia.com/advisories/27921
- http://securityreason.com/securityalert/3066
- http://support.avaya.com/elmodocs2/security/ASA-2007-490.htm
- http://www.redhat.com/support/errata/RHSA-2007-0701.html
- http://www.securityfocus.com/archive/1/477469/100/0/threaded
- http://www.securityfocus.com/archive/1/477632/100/100/threaded
- http://www.securityfocus.com/bid/26710
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=239070
- https://issues.rpath.com/browse/RPL-1396
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10421
Products affected by CVE-2007-2797
-
cpe:2.3:a:xterm:xterm:192-7.el4
-
cpe:2.3:a:xterm:xterm:208-3.1
-
cpe:2.3:o:debian:debian_linux:-
-
cpe:2.3:o:debian:debian_linux:0.9.1
-
cpe:2.3:o:debian:debian_linux:0.9.2
-
cpe:2.3:o:debian:debian_linux:0.9.3
-
cpe:2.3:o:debian:debian_linux:0.9.4
-
cpe:2.3:o:debian:debian_linux:0.93
-
cpe:2.3:o:debian:debian_linux:1.1
-
cpe:2.3:o:debian:debian_linux:1.2
-
cpe:2.3:o:debian:debian_linux:1.3
-
cpe:2.3:o:debian:debian_linux:1.3.1
-
cpe:2.3:o:debian:debian_linux:10
-
cpe:2.3:o:debian:debian_linux:10.0
-
cpe:2.3:o:debian:debian_linux:11.0
-
cpe:2.3:o:debian:debian_linux:12.0
-
cpe:2.3:o:debian:debian_linux:13.0
-
cpe:2.3:o:debian:debian_linux:2.0
-
cpe:2.3:o:debian:debian_linux:2.0.34
-
cpe:2.3:o:debian:debian_linux:2.0.5
-
cpe:2.3:o:debian:debian_linux:2.1
-
cpe:2.3:o:debian:debian_linux:2.1.8.8.p3-1.1
-
cpe:2.3:o:debian:debian_linux:2.2
-
cpe:2.3:o:debian:debian_linux:2.3
-
cpe:2.3:o:debian:debian_linux:2.5.2-1
-
cpe:2.3:o:debian:debian_linux:2.5.3-16
-
cpe:2.3:o:debian:debian_linux:2.5.3-3
-
cpe:2.3:o:debian:debian_linux:3.0
-
cpe:2.3:o:debian:debian_linux:3.0.18
-
cpe:2.3:o:debian:debian_linux:3.0.23
-
cpe:2.3:o:debian:debian_linux:3.1
-
cpe:2.3:o:debian:debian_linux:3.2.4
-
cpe:2.3:o:debian:debian_linux:4.0
-
cpe:2.3:o:debian:debian_linux:5.0
-
cpe:2.3:o:debian:debian_linux:5.0.9
-
cpe:2.3:o:debian:debian_linux:6.0
-
cpe:2.3:o:debian:debian_linux:6.0.14
-
cpe:2.3:o:debian:debian_linux:6.2
-
cpe:2.3:o:debian:debian_linux:7.0
-
cpe:2.3:o:debian:debian_linux:7.1
-
cpe:2.3:o:debian:debian_linux:8.0
-
cpe:2.3:o:debian:debian_linux:9.0
-
cpe:2.3:o:debian:debian_linux:9.2
-
cpe:2.3:o:redhat:enterprise_linux:-
-
cpe:2.3:o:redhat:enterprise_linux:2.1
-
cpe:2.3:o:redhat:enterprise_linux:3
-
cpe:2.3:o:redhat:enterprise_linux:3.0
-
cpe:2.3:o:redhat:enterprise_linux:4
-
cpe:2.3:o:redhat:enterprise_linux:4.0
-
cpe:2.3:o:redhat:enterprise_linux:4.4
-
cpe:2.3:o:redhat:enterprise_linux:4.5
-
cpe:2.3:o:redhat:enterprise_linux:5
-
cpe:2.3:o:redhat:enterprise_linux:5.0
-
cpe:2.3:o:redhat:enterprise_linux:5.1.0
-
cpe:2.3:o:redhat:enterprise_linux:5.11
-
cpe:2.3:o:redhat:enterprise_linux:5.4
-
cpe:2.3:o:redhat:enterprise_linux:6
-
cpe:2.3:o:redhat:enterprise_linux:6.0
-
cpe:2.3:o:redhat:enterprise_linux:6.1
-
cpe:2.3:o:redhat:enterprise_linux:6.10
-
cpe:2.3:o:redhat:enterprise_linux:6.2
-
cpe:2.3:o:redhat:enterprise_linux:6.3
-
cpe:2.3:o:redhat:enterprise_linux:6.4
-
cpe:2.3:o:redhat:enterprise_linux:6.5
-
cpe:2.3:o:redhat:enterprise_linux:6.6
-
cpe:2.3:o:redhat:enterprise_linux:6.7
-
cpe:2.3:o:redhat:enterprise_linux:6.8
-
cpe:2.3:o:redhat:enterprise_linux:6.9
-
cpe:2.3:o:redhat:enterprise_linux:7.0
-
cpe:2.3:o:redhat:enterprise_linux:7.1
-
cpe:2.3:o:redhat:enterprise_linux:7.2
-
cpe:2.3:o:redhat:enterprise_linux:7.3
-
cpe:2.3:o:redhat:enterprise_linux:7.4
-
cpe:2.3:o:redhat:enterprise_linux:7.5
-
cpe:2.3:o:redhat:enterprise_linux:7.6
-
cpe:2.3:o:redhat:enterprise_linux:7.7
-
cpe:2.3:o:redhat:enterprise_linux:7.8
-
cpe:2.3:o:redhat:enterprise_linux:7.9
-
cpe:2.3:o:redhat:enterprise_linux:8.0
-
cpe:2.3:o:redhat:enterprise_linux:8.1
-
cpe:2.3:o:redhat:enterprise_linux:8.3
-
cpe:2.3:o:redhat:enterprise_linux:8.3.0
-
cpe:2.3:o:redhat:enterprise_linux:8.4
-
cpe:2.3:o:redhat:enterprise_linux:8.5.0
-
cpe:2.3:o:redhat:enterprise_linux:8.6
-
cpe:2.3:o:redhat:enterprise_linux:8.7
-
cpe:2.3:o:redhat:enterprise_linux:9.0
-
cpe:2.3:o:redhat:enterprise_linux:9.1
-
cpe:2.3:o:redhat:enterprise_linux:as_3
-
cpe:2.3:o:redhat:enterprise_linux:as_4
-
cpe:2.3:o:redhat:enterprise_linux:es_3
-
cpe:2.3:o:redhat:enterprise_linux:es_4
-
cpe:2.3:o:redhat:enterprise_linux:ws_3
-
cpe:2.3:o:redhat:enterprise_linux:ws_4