Debian adequate before 0.8.1, when run by root with the –user option, allows local users to hijack the tty and possibly gain privileges via the TIOCSTI ioctl.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Adequate | Debian | * | 0.8 (including) |
| Adequate | Debian | 0.1 (including) | 0.1 (including) |
| Adequate | Debian | 0.1.1 (including) | 0.1.1 (including) |
| Adequate | Debian | 0.2 (including) | 0.2 (including) |
| Adequate | Debian | 0.2.1 (including) | 0.2.1 (including) |
| Adequate | Debian | 0.3.1 (including) | 0.3.1 (including) |
| Adequate | Debian | 0.4 (including) | 0.4 (including) |
| Adequate | Debian | 0.4.1 (including) | 0.4.1 (including) |
| Adequate | Debian | 0.4.2 (including) | 0.4.2 (including) |
| Adequate | Debian | 0.4.3 (including) | 0.4.3 (including) |
| Adequate | Debian | 0.4.4 (including) | 0.4.4 (including) |
| Adequate | Debian | 0.5 (including) | 0.5 (including) |
| Adequate | Debian | 0.5.1 (including) | 0.5.1 (including) |
| Adequate | Debian | 0.5.2 (including) | 0.5.2 (including) |
| Adequate | Debian | 0.5.3 (including) | 0.5.3 (including) |
| Adequate | Debian | 0.6 (including) | 0.6 (including) |
| Adequate | Debian | 0.7 (including) | 0.7 (including) |
| Adequate | Debian | 0.7.1 (including) | 0.7.1 (including) |
| Adequate | Ubuntu | raring | * |
| Adequate | Ubuntu | saucy | * |
| Adequate | Ubuntu | upstream | * |
References
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=730691
- http://www.securityfocus.com/bid/63994
- https://bitbucket.org/jwilk/adequate/raw/tip/debian/changelog
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=730691
- http://www.securityfocus.com/bid/63994
- https://bitbucket.org/jwilk/adequate/raw/tip/debian/changelog