Vulnerability Details CVE-2008-0217
The script program in FreeBSD 5.0 through 7.0-PRERELEASE invokes openpty, which creates a pseudo-terminal with world-readable and world-writable permissions when it is not run as root, which allows local users to read data from the terminal of the user running script.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 8.7%
CVSS Severity
CVSS v2 Score 6.9
References
- http://secunia.com/advisories/28498
- http://security.FreeBSD.org/advisories/FreeBSD-SA-08:01.pty.asc
- http://www.securityfocus.com/bid/27284
- http://www.securitytracker.com/id?1019191
- https://exchange.xforce.ibmcloud.com/vulnerabilities/39665
- http://secunia.com/advisories/28498
- http://security.FreeBSD.org/advisories/FreeBSD-SA-08:01.pty.asc
- http://www.securityfocus.com/bid/27284
- http://www.securitytracker.com/id?1019191
- https://exchange.xforce.ibmcloud.com/vulnerabilities/39665
Products affected by CVE-2008-0217
-
cpe:2.3:o:freebsd:freebsd:5.0
-
cpe:2.3:o:freebsd:freebsd:5.5
-
cpe:2.3:o:freebsd:freebsd:6.0
-
cpe:2.3:o:freebsd:freebsd:6.1
-
cpe:2.3:o:freebsd:freebsd:6.2
-
cpe:2.3:o:freebsd:freebsd:7.0