GLSA-200409-10 : multi-gnome-terminal: Information leak

This script is Copyright (C) 2004-2014 Tenable Network Security, Inc.


Synopsis :

The remote Gentoo host is missing one or more security-related
patches.

Description :

The remote host is affected by the vulnerability described in GLSA-200409-10
(multi-gnome-terminal: Information leak)

multi-gnome-terminal contains debugging code that has been known to output
active keystrokes to a potentially unsafe location. Output has been seen to
show up in the '.xsession-errors' file in the user's home directory. Since
this file is world-readable on many machines, this bug has the potential to
leak sensitive information to anyone using the system.
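
The exposure condition described above can be checked per home directory. The following is an added example, not part of the advisory or of the Nessus plugin; the function name audit_xsession_errors and the default home root /home are assumptions. It reports each '.xsession-errors' file that has the world-read bit set, and distinguishes files that other users can actually reach from files sitting in a home directory that others cannot traverse.

```shell
#!/bin/sh
# Added example (not from the advisory or the Nessus plugin).
# audit_xsession_errors [HOME_ROOT]
#   Prints one line per ~/.xsession-errors file whose "other" read bit is set:
#     exposed  <path>   the home directory is also traversable by others (o+x)
#     shielded <path>   the file is o+r, but the home directory blocks others
#   HOME_ROOT defaults to /home (assumption; adjust for the local layout).
audit_xsession_errors() {
    root=${1:-/home}
    for home in "$root"/*/; do
        home=${home%/}
        f=$home/.xsession-errors
        # Skip homes without the file (also covers an unmatched glob).
        [ -f "$f" ] || continue
        # -perm -004 matches when the world-read bit is set on the file.
        [ -n "$(find -L "$f" -prune -type f -perm -004 2>/dev/null)" ] || continue
        # -perm -001 on the directory means others can traverse into it.
        if [ -n "$(find -L "$home" -prune -type d -perm -001 2>/dev/null)" ]; then
            printf 'exposed %s\n' "$f"
        else
            printf 'shielded %s\n' "$f"
        fi
    done
}
# Usage: audit_xsession_errors          (scans /home)
#        audit_xsession_errors /export/home
```

The check reads mode bits only, so it does not account for ACLs or for permissions on directories above HOME_ROOT.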

Impact :

Any authorized user on the local machine has the ability to read any
critical data that has been entered into the terminal, including passwords.

Workaround :

There is no known workaround at this time.

See also :

http://www.gentoo.org/security/en/glsa/glsa-200409-10.xml

Solution :

All multi-gnome-terminal users should upgrade to the latest version:
# emerge sync
# emerge -pv '>=x11-terms/multi-gnome-terminal-1.6.2-r1'
# emerge '>=x11-terms/multi-gnome-terminal-1.6.2-r1'

Risk factor :

Medium

Family: Gentoo Local Security Checks

Nessus Plugin ID: 14669 (gentoo_GLSA-200409-10.nasl)

Bugtraq ID:

CVE ID: