CVE-2007-0823

NameCVE-2007-0823
Descriptionxterm on Slackware Linux 10.2 stores information that had been displayed for a different user account using the same xterm process, which might allow local users to bypass file permissions and read other users' files, or obtain other sensitive information, by reading the xterm process memory. NOTE: it could be argued that this is an expected consequence of multiple users sharing the same interactive process, in which case this is not a vulnerability.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
xterm (PTS)jessie, jessie (lts)312-2+deb8u4fixed
stretch (security), stretch (lts), stretch327-2+deb9u3fixed
buster344-1+deb10u2fixed
bullseye366-1+deb11u1fixed
bookworm379-1fixed
sid, trixie395-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
xtermsource(unstable)(not affected)

Notes

- xterm <not-affected> (Not a security problem)
Search for package or bug name: Reporting problems