VYPR
Unrated severity · NVD Advisory · Published Dec 31, 2004 · Updated Apr 16, 2026

CVE-2004-2215

Description

RXVT-Unicode 3.4 and 3.5 fail to close file descriptors, allowing local users to access other users' terminals and potentially escalate privileges.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

RXVT-Unicode versions 3.4 and 3.5 do not properly close file descriptors after use. The flaw is in the terminal emulator's process handling, which leaves open file descriptors that should be restricted to the owning user's session [1].

Exploitation

An attacker must have local access to the system and be able to run processes on the same machine. By exploiting the leaked file descriptors, the attacker can read from or write to the terminal sessions of other users who are running the same vulnerable version of RXVT-Unicode. No special privileges or user interaction beyond local shell access is required [1].

Impact

Successful exploitation allows the attacker to intercept or inject data into other users' terminal sessions, leading to information disclosure (e.g., reading passwords or sensitive output) and potentially privilege escalation if the target user has higher privileges. The attacker gains the ability to interact with the terminal of another user, which can compromise the confidentiality and integrity of that session [1].

Mitigation

Users should upgrade to a version of RXVT-Unicode that properly closes file descriptors. Since the vulnerability was disclosed in 2004, later versions (e.g., 3.6 or newer) are expected to contain the fix. If upgrading is not possible, limiting local access to trusted users and monitoring for unusual terminal activity may reduce risk. No workaround is documented in the available references [1].
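The descriptor hygiene a fix of this kind has to enforce, as an added illustration in C (not rxvt-unicode's code and not taken from the cited references). It assumes the descriptors become reachable by being inherited into spawned child processes, which this page does not spell out; `child_sees_fd`, `close_extra_fds` and the pipe standing in for a terminal descriptor are hypothetical names and constructed inputs.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Close every descriptor above stderr; a spawned child needs only 0-2. */
static void close_extra_fds(void)
{
    long max = sysconf(_SC_OPEN_MAX);
    if (max < 0 || max > 65536)
        max = 65536;            /* bound the loop if the limit is unset or huge */
    for (int fd = 3; fd < max; fd++)
        close(fd);              /* EBADF on unused slots is harmless */
}

/*
 * Fork a child while the parent holds session_fd (a stand-in for another
 * session's terminal descriptor). Returns 1 if the child can still use the
 * descriptor, 0 if it cannot, -1 on error.
 */
int child_sees_fd(int session_fd, int harden)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        if (harden)
            close_extra_fds();  /* what should happen before exec of a shell */
        /* F_GETFD fails with EBADF when the descriptor is not open. */
        _exit(fcntl(session_fd, F_GETFD) != -1 ? 1 : 0);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    int p[2];                   /* constructed stand-in for a terminal fd */
    if (pipe(p) != 0)
        return 1;
    printf("unhardened child sees fd: %d\n", child_sees_fd(p[0], 0));
    printf("hardened child sees fd:   %d\n", child_sees_fd(p[0], 1));
    return 0;
}
```

Opening such descriptors with `O_CLOEXEC`, or setting `FD_CLOEXEC` on them with `fcntl`, gives the same result at exec time without relying on every spawn path remembering to close them.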

AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2
  • cpe:2.3:a:marc_lehmann:rxvt-unicode:3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:marc_lehmann:rxvt-unicode:3.5:*:*:*:*:*:*:*

Patches

0

No patches discovered yet.

References

5
