Unrated severityNVD Advisory· Published Nov 4, 2019· Updated Aug 8, 2024
CVE-2005-4890
CVE-2005-4890
Description
There is a possible tty hijacking in shadow 4.x before 4.1.5 and sudo 1.x before 1.7.4 via "su - user -c program". The user session can be escaped to the parent session by using the TIOCSTI ioctl to push characters into the input buffer to be read by the next process.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
4- Range: >=1.0, <1.7.4
- Red Hat/shadowv5Range: 4.x before 4.1.5
- Red Hat/sudov5Range: 1.x before 1.7.4
Patches
Vulnerability mechanics
References
11- www.openwall.com/lists/oss-security/2012/11/06/8mitrex_refsource_MISC
- www.openwall.com/lists/oss-security/2013/05/20/3mitrex_refsource_MISC
- www.openwall.com/lists/oss-security/2013/11/28/10mitrex_refsource_MISC
- www.openwall.com/lists/oss-security/2013/11/29/5mitrex_refsource_MISC
- www.openwall.com/lists/oss-security/2014/10/20/9mitrex_refsource_MISC
- www.openwall.com/lists/oss-security/2014/10/21/1mitrex_refsource_MISC
- www.openwall.com/lists/oss-security/2014/12/15/5mitrex_refsource_MISC
- www.openwall.com/lists/oss-security/2016/02/25/6mitrex_refsource_MISC
- access.redhat.com/security/cve/cve-2005-4890mitrex_refsource_MISC
- bugzilla.redhat.com/show_bug.cgimitrex_refsource_MISC
- security-tracker.debian.org/tracker/CVE-2005-4890mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.