Back to search
CVE-2005-4890
Published: Nov 4, 2019
Modified: Aug 8, 2024
PUBLISHED
Description
There is a possible tty hijacking in shadow 4.x before 4.1.5 and sudo 1.x before 1.7.4 via "su - user -c program". The user session can be escaped to the parent session by using the TIOCSTI ioctl to push characters into the input buffer to be read by the next process.
| Vendor | Product | Versions |
|---|---|---|
Red Hat | shadow | affected 4.x before 4.1.5 |
Red Hat | sudo | affected 1.x before 1.7.4 |
References
http://www.openwall.com/lists/oss-security/2014/12/15/5
x_refsource_MISC
https://security-tracker.debian.org/tracker/CVE-2005-4890
x_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2005-4890
x_refsource_MISC
https://access.redhat.com/security/cve/cve-2005-4890
x_refsource_MISC
http://www.openwall.com/lists/oss-security/2012/11/06/8
x_refsource_MISC
http://www.openwall.com/lists/oss-security/2013/05/20/3
x_refsource_MISC
http://www.openwall.com/lists/oss-security/2013/11/28/10
x_refsource_MISC
http://www.openwall.com/lists/oss-security/2013/11/29/5
x_refsource_MISC
http://www.openwall.com/lists/oss-security/2014/10/20/9
x_refsource_MISC
http://www.openwall.com/lists/oss-security/2014/10/21/1
x_refsource_MISC
http://www.openwall.com/lists/oss-security/2016/02/25/6
x_refsource_MISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now