VYPR
Get started
← All advisories
Unrated severityNVD Advisory· Published Apr 7, 2008· Updated Apr 23, 2026

CVE-2008-1142

CVE-2008-1142

Description

rxvt 2.6.4 opens a terminal window on :0 if the DISPLAY environment variable is not set, which might allow local users to hijack X11 connections. NOTE: it was later reported that rxvt-unicode, mrxvt, aterm, multi-aterm, and wterm are also affected. NOTE: realistic attack scenarios require that the victim enters a command on the wrong machine.

Affected products

118
  • Aterm/Aterm18 versions
    cpe:2.3:a:aterm:aterm:*:*:*:*:*:*:*:*+ 17 more
    • cpe:2.3:a:aterm:aterm:*:*:*:*:*:*:*:*range: <=1.0.0
    • cpe:2.3:a:aterm:aterm:0.1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:aterm:aterm:0.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:aterm:aterm:0.2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:aterm:aterm:0.3.0:*:*:*:*:*:*:*
    • cpe:2.3:a:aterm:aterm:0.3.1:*:*:*:*:*:*:*
    • cpe:2.3:a:aterm:aterm:0.3.2:*:*:*:*:*:*:*
    • cpe:2.3:a:aterm:aterm:0.3.3:*:*:*:*:*:*:*
    • cpe:2.3:a:aterm:aterm:0.3.4:*:*:*:*:*:*:*
    • cpe:2.3:a:aterm:aterm:0.3.5:*:*:*:*:*:*:*
    • cpe:2.3:a:aterm:aterm:0.3.6:*:*:*:*:*:*:*
    • cpe:2.3:a:aterm:aterm:0.4.0:*:*:*:*:*:*:*
    • cpe:2.3:a:aterm:aterm:0.4.1:*:*:*:*:*:*:*
    • cpe:2.3:a:aterm:aterm:0.4.2:*:*:*:*:*:*:*
    • cpe:2.3:a:aterm:aterm:1.00:beta1:*:*:*:*:*:*
    • cpe:2.3:a:aterm:aterm:1.00:beta2:*:*:*:*:*:*
    • cpe:2.3:a:aterm:aterm:1.00:beta3:*:*:*:*:*:*
    • cpe:2.3:a:aterm:aterm:1.00:beta4:*:*:*:*:*:*
  • Eterm/Eterm2 versions
    cpe:2.3:a:eterm:eterm:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:eterm:eterm:*:*:*:*:*:*:*:*range: <=0.9.3
    • cpe:2.3:a:eterm:eterm:0.9.2:*:*:*:*:*:*:*
  • Mrxvt/Mrxvt2 versions
    cpe:2.3:a:mrxvt:mrxvt:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:mrxvt:mrxvt:*:*:*:*:*:*:*:*range: <=0.5.2
    • cpe:2.3:a:mrxvt:mrxvt:0.4.2:*:*:*:*:*:*:*
  • Multi Aterm/Multi Aterm6 versions
    cpe:2.3:a:multi-aterm:multi-aterm:*:*:*:*:*:*:*:*+ 5 more
    • cpe:2.3:a:multi-aterm:multi-aterm:*:*:*:*:*:*:*:*range: <=0.2
    • cpe:2.3:a:multi-aterm:multi-aterm:0.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:multi-aterm:multi-aterm:0.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:multi-aterm:multi-aterm:0.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:multi-aterm:multi-aterm:0.0.5:*:*:*:*:*:*:*
    • cpe:2.3:a:multi-aterm:multi-aterm:0.1:*:*:*:*:*:*:*
  • Rxvt/Rxvt9 versions
    cpe:2.3:a:rxvt:rxvt:*:*:*:*:*:*:*:*+ 8 more
    • cpe:2.3:a:rxvt:rxvt:*:*:*:*:*:*:*:*range: <=2.7.9
    • cpe:2.3:a:rxvt:rxvt:2.6.1:*:*:*:*:*:*:*
    • cpe:2.3:a:rxvt:rxvt:2.6.2:*:*:*:*:*:*:*
    • cpe:2.3:a:rxvt:rxvt:2.6.3:*:*:*:*:*:*:*
    • cpe:2.3:a:rxvt:rxvt:2.6.4:*:*:*:*:*:*:*
    • cpe:2.3:a:rxvt:rxvt:2.7.5:*:*:*:*:*:*:*
    • cpe:2.3:a:rxvt:rxvt:2.7.6:*:*:*:*:*:*:*
    • cpe:2.3:a:rxvt:rxvt:2.7.7:*:*:*:*:*:*:*
    • cpe:2.3:a:rxvt:rxvt:2.7.8:*:*:*:*:*:*:*
  • Rxvt Unicode/Rxvt Unicode78 versions
    cpe:2.3:a:rxvt-unicode:rxvt-unicode:*:*:*:*:*:*:*:*+ 77 more
    • cpe:2.3:a:rxvt-unicode:rxvt-unicode:*:*:*:*:*:*:*:*range: <=9.01
    • cpe:2.3:a:rxvt-unicode:rxvt-unicode:1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:rxvt-unicode:rxvt-unicode:1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:rxvt-unicode:rxvt-unicode:1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:rxvt-unicode:rxvt-unicode:1.3:*:*:*:*:*:*:*
    • cpe:2.3:a:rxvt-unicode:rxvt-unicode:1.4:*:*:*:*:*:*:*
    • cpe:2.3:a:rxvt-unicode:rxvt-unicode:1.5:*:*:*:*:*:*:*
    • cpe:2.3:a:rxvt-unicode:rxvt-unicode:1.6:*:*:*:*:*:*:*
    • cpe:2.3:a:rxvt-unicode:rxvt-unicode:1.7:*:*:*:*:*:*:*
    • cpe:2.3:a:rxvt-unicode:rxvt-unicode:1.8:*:*:*:*:*:*:*
    • cpe:2.3:a:rxvt-unicode:rxvt-unicode:1.9:*:*:*:*:*:*:*
    • cpe:2.3:a:rxvt-unicode:rxvt-unicode:1.91:*:*:*:*:*:*:*
    • cpe:2.3:a:rxvt-unicode:rxvt-unicode:2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:rxvt-unicode:rxvt-unicode:2.1:*:*:*:*:*:*:*
    • cpe:2.3:a:rxvt-unicode:rxvt-unicode:2.2:*:*:*:*:*:*:*
    • cpe:2.3:a:rxvt-unicode:rxvt-unicode:2.3:*:*:*:*:*:*:*
    • cpe:2.3:a:rxvt-unicode:rxvt-unicode:2.4:*:*:*:*:*:*:*
    • cpe:2.3:a:rxvt-unicode:rxvt-unicode:2.5:*:*:*:*:*:*:*
    • cpe:2.3:a:rxvt-unicode:rxvt-unicode:2.6:*:*:*:*:*:*:*
    • cpe:2.3:a:rxvt-unicode:rxvt-unicode:2.7:*:*:*:*:*:*:*
    • cpe:2.3:a:rxvt-unicode:rxvt-unicode:2.8:*:*:*:*:*:*:*
    • cpe:2.3:a:rxvt-unicode:rxvt-unicode:2.9:*:*:*:*:*:*:*
    • cpe:2.3:a:rxvt-unicode:rxvt-unicode:3.0:*:*:*:*:*:*:*
    • cpe:2.3:a:rxvt-unicode:rxvt-unicode:3.1:*:*:*:*:*:*:*
    • cpe:2.3:a:rxvt-unicode:rxvt-unicode:3.2:*:*:*:*:*:*:*
    • cpe:2.3:a:rxvt-unicode:rxvt-unicode:3.3:*:*:*:*:*:*:*
    • cpe:2.3:a:rxvt-unicode:rxvt-unicode:3.4:*:*:*:*:*:*:*
    • cpe:2.3:a:rxvt-unicode:rxvt-unicode:3.5:*:*:*:*:*:*:*
    • cpe:2.3:a:rxvt-unicode:rxvt-unicode:3.6:*:*:*:*:*:*:*
    • cpe:2.3:a:rxvt-unicode:rxvt-unicode:3.7:*:*:*:*:*:*:*
    • cpe:2.3:a:rxvt-unicode:rxvt-unicode:3.8:*:*:*:*:*:*:*
    • cpe:2.3:a:rxvt-unicode:rxvt-unicode:3.9:*:*:*:*:*:*:*
    • cpe:2.3:a:rxvt-unicode:rxvt-unicode:4.0:*:*:*:*:*:*:*
    • cpe:2.3:a:rxvt-unicode:rxvt-unicode:4.1:*:*:*:*:*:*:*
    • cpe:2.3:a:rxvt-unicode:rxvt-unicode:4.2:*:*:*:*:*:*:*
    • cpe:2.3:a:rxvt-unicode:rxvt-unicode:4.3:*:*:*:*:*:*:*
    • cpe:2.3:a:rxvt-unicode:rxvt-unicode:4.4:*:*:*:*:*:*:*
    • cpe:2.3:a:rxvt-unicode:rxvt-unicode:4.5:*:*:*:*:*:*:*
    • cpe:2.3:a:rxvt-unicode:rxvt-unicode:4.6:*:*:*:*:*:*:*
    • cpe:2.3:a:rxvt-unicode:rxvt-unicode:4.7:*:*:*:*:*:*:*
    • cpe:2.3:a:rxvt-unicode:rxvt-unicode:4.8:*:*:*:*:*:*:*
    • cpe:2.3:a:rxvt-unicode:rxvt-unicode:4.9:*:*:*:*:*:*:*
    • cpe:2.3:a:rxvt-unicode:rxvt-unicode:5.0:*:*:*:*:*:*:*
    • cpe:2.3:a:rxvt-unicode:rxvt-unicode:5.1:*:*:*:*:*:*:*
    • cpe:2.3:a:rxvt-unicode:rxvt-unicode:5.2:*:*:*:*:*:*:*
    • cpe:2.3:a:rxvt-unicode:rxvt-unicode:5.3:*:*:*:*:*:*:*
    • cpe:2.3:a:rxvt-unicode:rxvt-unicode:5.4:*:*:*:*:*:*:*
    • cpe:2.3:a:rxvt-unicode:rxvt-unicode:5.5:*:*:*:*:*:*:*
    • cpe:2.3:a:rxvt-unicode:rxvt-unicode:5.6:*:*:*:*:*:*:*
    • cpe:2.3:a:rxvt-unicode:rxvt-unicode:5.7:*:*:*:*:*:*:*
    • cpe:2.3:a:rxvt-unicode:rxvt-unicode:5.8:*:*:*:*:*:*:*
    • cpe:2.3:a:rxvt-unicode:rxvt-unicode:5.9:*:*:*:*:*:*:*
    • cpe:2.3:a:rxvt-unicode:rxvt-unicode:6.0:*:*:*:*:*:*:*
    • cpe:2.3:a:rxvt-unicode:rxvt-unicode:6.1:*:*:*:*:*:*:*
    • cpe:2.3:a:rxvt-unicode:rxvt-unicode:6.2:*:*:*:*:*:*:*
    • cpe:2.3:a:rxvt-unicode:rxvt-unicode:6.3:*:*:*:*:*:*:*
    • cpe:2.3:a:rxvt-unicode:rxvt-unicode:7.0:*:*:*:*:*:*:*
    • cpe:2.3:a:rxvt-unicode:rxvt-unicode:7.1:*:*:*:*:*:*:*
    • cpe:2.3:a:rxvt-unicode:rxvt-unicode:7.2:*:*:*:*:*:*:*
    • cpe:2.3:a:rxvt-unicode:rxvt-unicode:7.3:*:*:*:*:*:*:*
    • cpe:2.3:a:rxvt-unicode:rxvt-unicode:7.4:*:*:*:*:*:*:*
    • cpe:2.3:a:rxvt-unicode:rxvt-unicode:7.5:*:*:*:*:*:*:*
    • cpe:2.3:a:rxvt-unicode:rxvt-unicode:7.6:*:*:*:*:*:*:*
    • cpe:2.3:a:rxvt-unicode:rxvt-unicode:7.7:*:*:*:*:*:*:*
    • cpe:2.3:a:rxvt-unicode:rxvt-unicode:7.8:*:*:*:*:*:*:*
    • cpe:2.3:a:rxvt-unicode:rxvt-unicode:7.9:*:*:*:*:*:*:*
    • cpe:2.3:a:rxvt-unicode:rxvt-unicode:8.0:*:*:*:*:*:*:*
    • cpe:2.3:a:rxvt-unicode:rxvt-unicode:8.1:*:*:*:*:*:*:*
    • cpe:2.3:a:rxvt-unicode:rxvt-unicode:8.2:*:*:*:*:*:*:*
    • cpe:2.3:a:rxvt-unicode:rxvt-unicode:8.3:*:*:*:*:*:*:*
    • cpe:2.3:a:rxvt-unicode:rxvt-unicode:8.4:*:*:*:*:*:*:*
    • cpe:2.3:a:rxvt-unicode:rxvt-unicode:8.5:*:*:*:*:*:*:*
    • cpe:2.3:a:rxvt-unicode:rxvt-unicode:8.5a:*:*:*:*:*:*:*
    • cpe:2.3:a:rxvt-unicode:rxvt-unicode:8.6:*:*:*:*:*:*:*
    • cpe:2.3:a:rxvt-unicode:rxvt-unicode:8.7:*:*:*:*:*:*:*
    • cpe:2.3:a:rxvt-unicode:rxvt-unicode:8.8:*:*:*:*:*:*:*
    • cpe:2.3:a:rxvt-unicode:rxvt-unicode:8.9:*:*:*:*:*:*:*
    • cpe:2.3:a:rxvt-unicode:rxvt-unicode:9.0:*:*:*:*:*:*:*
  • Wterm/Wterm3 versions
    cpe:2.3:a:wterm:wterm:*:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:a:wterm:wterm:*:*:*:*:*:*:*:*range: <=6.2.8a2
    • cpe:2.3:a:wterm:wterm:6.2.5:*:*:*:*:*:*:*
    • cpe:2.3:a:wterm:wterm:6.2.6:*:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

14

News mentions

0

No linked articles in our index yet.