Name | CVE-2006-0126 |
Description | rxvt-unicode before 6.3, on certain platforms that use openpty and non-Unix pty devices such as Linux and most BSD platforms, does not maintain the intended permissions of tty devices, which allows local users to gain read and write access to the devices. |
Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
Vulnerable and fixed packages
The table below lists information on source packages.
Source Package | Release | Version | Status |
---|
rxvt-unicode (PTS) | jessie | 9.20-1 | fixed |
| stretch (security), stretch (lts), stretch | 9.22-1+deb9u1 | fixed |
| buster | 9.22-6+deb10u1 | fixed |
| bullseye | 9.22-11 | fixed |
| bookworm | 9.30-2 | fixed |
| sid, trixie | 9.31-3 | fixed |
The information below is based on the following data on fixed versions.
Notes
[sarge] - rxvt-unicode <not-affected> (rxvt-unicode author disagrees with CVE, GNU/Linux not affected - see 6.3 entry in http://dist.schmorp.de/rxvt-unicode/Changes)
[woody] - rxvt-unicode <not-affected> (rxvt-unicode author disagrees with CVE, GNU/Linux not affected - see 6.3 entry in http://dist.schmorp.de/rxvt-unicode/Changes)