FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

mksh -- TTY attachment privilege escalation

Affected packages
mksh < R33d


VuXML ID 86c05550-12c1-11dd-bab7-0016179b2dd5
Discovery 2008-04-14
Entry 2008-04-25

Secunia reports:

The vulnerability is caused due to an error when attaching to a TTY via the -T command line switch. This can be exploited to execute arbitrary commands with the privileges of the user running mksh via characters previously written to the attached virtual console.


CVE Name CVE-2008-1845