CVE-2008-1845

Publication date 16 April 2008

Last updated 24 July 2024


Ubuntu priority

The Korn shell (aka mksh) before R33d on MirOS (aka MirBSD) does not flush the tty’s I/O when invoking mksh in a new terminal, which allows local users to gain privileges by opening a virtual terminal and entering command sequences, which might later be executed in opportunistic circumstances by a different user who launches mksh and specifies that terminal with the -T option.

Status

No maintained releases are affected by this CVE.

Package Ubuntu Release Status
mksh 11.10 oneiric
Not affected
11.04 natty
Not affected
10.10 maverick
Not affected
10.04 LTS lucid
Not affected
9.10 karmic
Not affected
9.04 jaunty
Not affected
8.10 intrepid
Not affected
8.04 LTS hardy Ignored end of life
7.10 gutsy Ignored end of life, was needed
7.04 feisty Ignored end of life, was needed
6.06 LTS dapper Ignored end of life