CVE-2008-1845

Name of the Vulnerable Software and Affected Versions Korn shell (aka mksh) versions prior to R33d

Description The issue allows local users to gain privileges by opening a virtual terminal and entering command sequences. These sequences might later be executed in opportunistic circumstances by a different user who launches mksh and specifies that terminal with the -T option.

Recommendations For versions prior to R33d, update to R33d or later to resolve the issue. As a temporary workaround, consider avoiding the use of the -T option when launching mksh until a patch is available. Restrict access to virtual terminals to minimize the risk of exploitation.