CVE-2008-0217
FreeBSD 5.0-7.0-PRERELEASE - Unprotected Terminal Data Exposure via script Program
Title source: llmDescription
The script program in FreeBSD 5.0 through 7.0-PRERELEASE invokes openpty, which creates a pseudo-terminal with world-readable and world-writable permissions when it is not run as root, which allows local users to read data from the terminal of the user running script.
References (5)
Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1019191
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/39665
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/27284
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/28498
Patch vendor-advisory
x_refsource_freebsd
http://security.FreeBSD.org/advisories/FreeBSD-SA-08:01.pty.asc
Scores
EPSS
0.0004
EPSS Percentile
10.7%
Details
CWE
CWE-264
Status
published
Products (6)
freebsd/freebsd
5.0
freebsd/freebsd
5.5
freebsd/freebsd
6.0
freebsd/freebsd
6.1
freebsd/freebsd
6.2
freebsd/freebsd
7.0 (2 CPE variants)
Published
Jan 16, 2008
Tracked Since
Feb 18, 2026