CVE-2008-1845 : The Korn shell (aka mksh) before R33d on MirOS (aka MirBSD) does not flush the tty's I/O when invoking mksh in a new ter

The Korn shell (aka mksh) before R33d on MirOS (aka MirBSD) does not flush the tty's I/O when invoking mksh in a new terminal, which allows local users to gain privileges by opening a virtual terminal and entering command sequences, which might later be executed in opportunistic circumstances by a different user who launches mksh and specifies that terminal with the -T option.

Published 2008-04-16 17:05:00

Updated 2017-08-08 01:30:31

Source MITRE

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2008-1845

Probability of exploitation activity in the next 30 days: 0.04%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 6 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2008-1845

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.2	HIGH	AV:L/AC:L/Au:N/C:C/I:C/A:C	3.9	10.0	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

References for CVE-2008-1845

Products affected by CVE-2008-1845

Mirbsd » Miros » Update C
Versions up to, including, (<=) 33
cpe:2.3:o:mirbsd:miros:*:c:*:*:*:*:*:*
Matching versions
Mirbsd » Miros » Version: 33 Update A
cpe:2.3:o:mirbsd:miros:33:a:*:*:*:*:*:*
Matching versions
Mirbsd » Miros » Version: 33 Update B
cpe:2.3:o:mirbsd:miros:33:b:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2008-1845

Exploit prediction scoring system (EPSS) score for CVE-2008-1845

CVSS scores for CVE-2008-1845

References for CVE-2008-1845

Products affected by CVE-2008-1845