CVE-2010-4176

plymouth-pretrigger.sh in dracut and udev, when running on Fedora 13 and 14, sets weak permissions for the /dev/systty device file, which allows remote authenticated users to read terminal data from tty0 for local users.

CVSS v2.0 4.0 MEDIUM

4.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:S/C:P/I:N/A:N

Exploitability : 8.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051755.html	Mailing List Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051418.html	Mailing List Third Party Advisory
http://secunia.com/advisories/42342	Not Applicable
http://secunia.com/advisories/42451	Not Applicable
http://www.securityfocus.com/bid/45046	Third Party Advisory VDB Entry
http://www.vupen.com/english/advisories/2010/3062	Permissions Required
http://www.vupen.com/english/advisories/2010/3110	Permissions Required
https://bugzilla.redhat.com/show_bug.cgi?id=654489	Issue Tracking Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=654935	Issue Tracking Third Party Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:dracut_project:dracut:-:::::::*
	cpe:2.3:a:udev_project:udev:-:::::::*

OR	cpe:2.3:o:fedoraproject:fedora:13:::::::*
	cpe:2.3:o:fedoraproject:fedora:14:::::::*

History

03 Jun 2022, 15:09

Type	Values Removed	Values Added
CPE	cpe:2.3:a:kernel:udev:1.1.2:::::::* cpe:2.3:a:kernel:udev:0.1.5:::::::* cpe:2.3:a:kernel:udev:1.2.9:::::::* cpe:2.3:a:kernel:udev:1.3.5:::::::* cpe:2.3:a:kernel:udev:0.3.8:::::::* cpe:2.3:a:kernel:udev:0.2.1:::::::* cpe:2.3:a:kernel:udev:1.2.3:::::::* cpe:2.3:a:kernel:udev:0.6.0:::::::* cpe:2.3:a:kernel:udev:1.1.0:::::::* cpe:2.3:a:kernel:udev:0.1.0-1:::::::* cpe:2.3:a:kernel:udev:0.8.4:::::::* cpe:2.3:a:kernel:udev:0.9.5:::::::* cpe:2.3:a:kernel:udev:0.0.1:::::::* cpe:2.3:a:kernel:udev:0.4.6:::::::* cpe:2.3:a:kernel:udev:1.3.3:::::::* cpe:2.3:a:kernel:udev:0.1.7:::::::* cpe:2.3:a:kernel:udev:0.4.9:::::::* cpe:2.3:a:fedoraproject:dracut:::::::: cpe:2.3:a:kernel:udev:0.7.6:::::::* cpe:2.3:a:kernel:udev:0.7.8:::::::* cpe:2.3:a:kernel:udev:0.8.9:::::::* cpe:2.3:a:kernel:udev:0.4.2:::::::* cpe:2.3:o:redhat:fedora:13:::::::* cpe:2.3:a:kernel:udev:0.2.4:::::::* cpe:2.3:a:kernel:udev:1.3.2:::::::* cpe:2.3:a:kernel:udev:0.8.3:::::::* cpe:2.3:o:redhat:fedora:14:::::::* cpe:2.3:a:kernel:udev:0.4.7:::::::* cpe:2.3:a:kernel:udev:1.2.4:::::::* cpe:2.3:a:kernel:udev:1.3.4:::::::* cpe:2.3:a:kernel:udev:0.2.7:::::::* cpe:2.3:a:kernel:udev:1.1.7:::::::* cpe:2.3:a:kernel:udev:0.1.9:::::::* cpe:2.3:a:kernel:udev:0.0.9-1:::::::* cpe:2.3:a:kernel:udev:0.9.4:::::::* cpe:2.3:a:kernel:udev:0.7.1:::::::* cpe:2.3:a:kernel:udev:0.9.1:::::::* cpe:2.3:a:kernel:udev:1.0.8:::::::* cpe:2.3:a:kernel:udev:1.4.0:::::::* cpe:2.3:a:kernel:udev:0.0.7:::::::* cpe:2.3:a:kernel:udev:0.3.7:::::::* cpe:2.3:a:kernel:udev:0.0.3:::::::* cpe:2.3:a:kernel:udev:1.0.3:::::::* cpe:2.3:a:kernel:udev:1.1.4:::::::* cpe:2.3:a:kernel:udev:0.0.8-1:::::::* cpe:2.3:a:kernel:udev:0.7.2:::::::* cpe:2.3:a:kernel:udev:1.0.2:::::::* cpe:2.3:a:kernel:udev:0.6.3:::::::* cpe:2.3:a:kernel:udev:0.9.7:::::::* cpe:2.3:a:kernel:udev:0.2.8:::::::* cpe:2.3:a:kernel:udev:1.1.5:::::::* cpe:2.3:a:kernel:udev:0.4.3:::::::* cpe:2.3:a:kernel:udev:1.3.8:::::::* cpe:2.3:a:kernel:udev:0.7.3:::::::* cpe:2.3:a:kernel:udev:1.1.8:::::::* cpe:2.3:a:kernel:udev:0.3.1:::::::* cpe:2.3:a:kernel:udev:0.6.8:::::::* cpe:2.3:a:kernel:udev:0.1.1-1:::::::* cpe:2.3:a:kernel:udev:1.0.1:::::::* cpe:2.3:a:kernel:udev:0.1.4:::::::* cpe:2.3:a:kernel:udev:1.3.7:::::::* cpe:2.3:a:kernel:udev:0.5.8:::::::* cpe:2.3:a:kernel:udev:0.3.9:::::::* cpe:2.3:a:kernel:udev:0.5.7:::::::* cpe:2.3:a:kernel:udev:0.0.8:::::::* cpe:2.3:a:kernel:udev:0.8.1:::::::* cpe:2.3:a:kernel:udev:0.0.5:::::::* cpe:2.3:a:kernel:udev:0.5.3:::::::* cpe:2.3:a:kernel:udev:0.6.4:::::::* cpe:2.3:a:kernel:udev:1.2.8:::::::* cpe:2.3:a:kernel:udev:0.5.2:::::::* cpe:2.3:a:kernel:udev:0.8.5:::::::* cpe:2.3:a:kernel:udev:0.4.8:::::::* cpe:2.3:a:kernel:udev:0.6.2:::::::* cpe:2.3:a:kernel:udev:0.1.3:::::::* cpe:2.3:a:kernel:udev:0.9.0:::::::* cpe:2.3:a:kernel:udev:1.0.5:::::::* cpe:2.3:a:kernel:udev:1.3.6:::::::* cpe:2.3:a:kernel:udev:0.2.3:::::::* cpe:2.3:a:kernel:udev:1.0.0:::::::* cpe:2.3:a:kernel:udev:1.1.9:::::::* cpe:2.3:a:kernel:udev:0.8.8:::::::* cpe:2.3:a:kernel:udev:0.3.3:::::::* cpe:2.3:a:kernel:udev:0.6.7:::::::* cpe:2.3:a:kernel:udev:0.3.5:::::::* cpe:2.3:a:kernel:udev:0.5.5:::::::* cpe:2.3:a:kernel:udev:0.1.6:::::::* cpe:2.3:a:kernel:udev:1.2.1:::::::* cpe:2.3:a:kernel:udev:0.4.0:::::::* cpe:2.3:a:kernel:udev:0.7.5:::::::* cpe:2.3:a:kernel:udev:1.2.7:::::::* cpe:2.3:a:kernel:udev:0.5.1:::::::* cpe:2.3:a:kernel:udev:0.8.2:::::::* cpe:2.3:a:kernel:udev:0.6.5:::::::* cpe:2.3:a:kernel:udev:0.9.3:::::::* cpe:2.3:a:kernel:udev:1.1.6:::::::* cpe:2.3:a:kernel:udev:0.0.6:::::::* cpe:2.3:a:kernel:udev:0.2.9:::::::* cpe:2.3:a:kernel:udev:0.3.4:::::::* cpe:2.3:a:kernel:udev:0.5.4:::::::* cpe:2.3:a:kernel:udev:0.3.0:::::::* cpe:2.3:a:kernel:udev:0.7.0:::::::* cpe:2.3:a:kernel:udev:0.7.7:::::::* cpe:2.3:a:kernel:udev:0.3.2:::::::* cpe:2.3:a:kernel:udev:1.0.7:::::::* cpe:2.3:a:kernel:udev:1.2.6:::::::* cpe:2.3:a:kernel:udev:0.0.2:::::::* cpe:2.3:a:kernel:udev:1.2.2:::::::* cpe:2.3:a:kernel:udev:0.2.6:::::::* cpe:2.3:a:kernel:udev:0.0.4-1:::::::* cpe:2.3:a:kernel:udev:0.9.9:::::::* cpe:2.3:a:kernel:udev:1.1.1:::::::* cpe:2.3:a:kernel:udev:1.3.9:::::::* cpe:2.3:a:kernel:udev:0.4.5:::::::* cpe:2.3:a:kernel:udev:0.7.9:::::::* cpe:2.3:a:kernel:udev:0.2.2:::::::* cpe:2.3:a:kernel:udev:0.1.8:::::::* cpe:2.3:a:kernel:udev:1.1.3:::::::* cpe:2.3:a:kernel:udev:0.1.2:::::::* cpe:2.3:a:kernel:udev:0.9.6:::::::* cpe:2.3:a:kernel:udev:0.6.1:::::::* cpe:2.3:a:kernel:udev:0.0.5-1:::::::* cpe:2.3:a:kernel:udev:1.3.0:::::::* cpe:2.3:a:kernel:udev:0.5.6:::::::* cpe:2.3:a:kernel:udev:0.6.6:::::::* cpe:2.3:a:kernel:udev:0.2.0:::::::* cpe:2.3:a:kernel:udev:0.8.6:::::::* cpe:2.3:a:kernel:udev:0.4.4:::::::* cpe:2.3:a:kernel:udev:0.5.9:::::::* cpe:2.3:a:kernel:udev:0.8.0:::::::* cpe:2.3:a:kernel:udev:0.9.2:::::::* cpe:2.3:a:kernel:udev:0.8.7:::::::* cpe:2.3:a:kernel:udev:1.0.6:::::::* cpe:2.3:a:kernel:udev:0.5.0:::::::* cpe:2.3:a:kernel:udev:1.3.1:::::::* cpe:2.3:a:kernel:udev:0.6.9:::::::* cpe:2.3:a:kernel:udev:1.2.0:::::::* cpe:2.3:a:kernel:udev:0.7.4:::::::* cpe:2.3:a:kernel:udev:0.9.8:::::::* cpe:2.3:a:kernel:udev:1.0.9:::::::* cpe:2.3:a:kernel:udev:0.0.4:::::::* cpe:2.3:a:kernel:udev:0.3.6:::::::* cpe:2.3:a:kernel:udev:0.2.5:::::::* cpe:2.3:a:kernel:udev:0.0.9:::::::* cpe:2.3:a:kernel:udev:1.2.5:::::::* cpe:2.3:a:kernel:udev:1.0.4:::::::*	cpe:2.3:a:dracut_project:dracut:-:::::::* cpe:2.3:a:udev_project:udev:-:::::::* cpe:2.3:o:fedoraproject:fedora:14:::::::* cpe:2.3:o:fedoraproject:fedora:13:::::::*
CWE	~~CWE-264~~	CWE-276
References	~~(CONFIRM) https://bugzilla.redhat.com/show_bug.cgi?id=654935 -~~	(CONFIRM) https://bugzilla.redhat.com/show_bug.cgi?id=654935 - Issue Tracking, Third Party Advisory
References	~~(SECUNIA) http://secunia.com/advisories/42451 - Vendor Advisory~~	(SECUNIA) http://secunia.com/advisories/42451 - Not Applicable
References	~~(FEDORA) http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051755.html -~~	(FEDORA) http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051755.html - Mailing List, Third Party Advisory
References	~~(BID) http://www.securityfocus.com/bid/45046 -~~	(BID) http://www.securityfocus.com/bid/45046 - Third Party Advisory, VDB Entry
References	~~(VUPEN) http://www.vupen.com/english/advisories/2010/3062 - Vendor Advisory~~	(VUPEN) http://www.vupen.com/english/advisories/2010/3062 - Permissions Required
References	~~(FEDORA) http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051418.html -~~	(FEDORA) http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051418.html - Mailing List, Third Party Advisory
References	~~(SECUNIA) http://secunia.com/advisories/42342 - Vendor Advisory~~	(SECUNIA) http://secunia.com/advisories/42342 - Not Applicable
References	~~(CONFIRM) https://bugzilla.redhat.com/show_bug.cgi?id=654489 -~~	(CONFIRM) https://bugzilla.redhat.com/show_bug.cgi?id=654489 - Issue Tracking, Third Party Advisory
References	~~(VUPEN) http://www.vupen.com/english/advisories/2010/3110 - Vendor Advisory~~	(VUPEN) http://www.vupen.com/english/advisories/2010/3110 - Permissions Required
First Time		Udev Project udev Fedoraproject fedora Dracut Project Dracut Project dracut Udev Project

Information

Published : 2010-12-07 22:00

Updated : 2023-12-10 11:03

NVD link : CVE-2010-4176

Mitre link : CVE-2010-4176

CVE.ORG link : CVE-2010-4176

JSON object : View

Products Affected

fedoraproject

fedora

udev_project

udev

dracut_project

dracut

CWE

CWE-276

Incorrect Default Permissions

4.0 /10