CVE-2006-0126

NameCVE-2006-0126
Descriptionrxvt-unicode before 6.3, on certain platforms that use openpty and non-Unix pty devices such as Linux and most BSD platforms, does not maintain the intended permissions of tty devices, which allows local users to gain read and write access to the devices.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
rxvt-unicode (PTS)jessie9.20-1fixed
stretch (security), stretch (lts), stretch9.22-1+deb9u1fixed
buster9.22-6+deb10u1fixed
bullseye9.22-11fixed
bookworm9.30-2fixed
sid, trixie9.31-3fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
rxvt-unicodesourcewoody(not affected)
rxvt-unicodesourcesarge(not affected)
rxvt-unicodesource(unstable)6.3-1

Notes

[sarge] - rxvt-unicode <not-affected> (rxvt-unicode author disagrees with CVE, GNU/Linux not affected - see 6.3 entry in http://dist.schmorp.de/rxvt-unicode/Changes)
[woody] - rxvt-unicode <not-affected> (rxvt-unicode author disagrees with CVE, GNU/Linux not affected - see 6.3 entry in http://dist.schmorp.de/rxvt-unicode/Changes)

Search for package or bug name: Reporting problems