CVE-2005-4890

Summary

There is a possible tty hijacking in shadow 4.x before 4.1.5 and sudo 1.x before 1.7.4 via "su - user -c program". The user session can be escaped to the parent session by using the TIOCSTI ioctl to push characters into the input buffer to be read by the next process.

Affected Software

VendorProductVersion RangeStatus
Red Hatshadow4.x before 4.1.5affected
Red Hatsudo1.x before 1.7.4affected

Weaknesses

  • tty hijacking possible in "su" via TIOCSTI ioctl

ADP Enrichment

CVE Program Container

Additional References

References