PT-2010-5337 · Fedora · Udev+2

Published

2010-12-07

Updated

2022-06-03

CVE-2010-4176

CVSS v2.0

4.0

Medium

Vector

AV:N/AC:L/Au:S/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions dracut versions on Fedora 13 and 14 udev versions on Fedora 13 and 14

Description The issue allows remote authenticated users to read terminal data from tty0 for local users due to weak permissions set for the /dev/systty device file by plymouth-pretrigger.sh in dracut and udev.

Recommendations For dracut on Fedora 13 and 14, consider updating the permissions of the /dev/systty device file to restrict access. For udev on Fedora 13 and 14, restrict access to the /dev/systty device file until a proper fix is applied.

Fix

Incorrect Default Permissions

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-276

Related Identifiers

CVE-2010-4176

Affected Products

Dracut

Plymouth-Pretrigger.Sh

Udev

PT-2010-5337 · Fedora · Udev+2

CVE-2010-4176

Weakness Enumeration

Related Identifiers

Affected Products

References · 10