Vulnerability Details CVE-2016-10369
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 9.8%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 4.6
References
- https://bugs.debian.org/862098
- https://git.lxde.org/gitweb/?p=lxde/lxterminal.git%3Ba=commit%3Bh=f99163c6ff8b2f57c5f37b1ce5d62cf7450d4648
- https://unix.stackexchange.com/questions/333539/lxterminal-in-the-netstat-output/333578
- https://bugs.debian.org/862098
- https://git.lxde.org/gitweb/?p=lxde/lxterminal.git%3Ba=commit%3Bh=f99163c6ff8b2f57c5f37b1ce5d62cf7450d4648
- https://unix.stackexchange.com/questions/333539/lxterminal-in-the-netstat-output/333578
Products affected by CVE-2016-10369
-
cpe:2.3:a:lxterminal_project:lxterminal:0.3.0