GLSA-200409-10 : multi-gnome-terminal: Information leak

This script is Copyright (C) 2004-2016 Tenable Network Security, Inc.

Synopsis :

The remote Gentoo host is missing one or more security-related

Description :

The remote host is affected by the vulnerability described in GLSA-200409-10
(multi-gnome-terminal: Information leak)

multi-gnome-terminal contains debugging code that has been known to output
active keystrokes to a potentially unsafe location. Output has been seen to
show up in the '.xsession-errors' file in the user's home directory. Since
this file is world-readable on many machines, this bug has the potential to
leak sensitive information to anyone using the system.

Impact :

Any authorized user on the local machine has the ability to read any
critical data that has been entered into the terminal, including passwords.

Workaround :

There is no known workaround at this time.

See also :

Solution :

All multi-gnome-terminal users should upgrade to the latest version:
# emerge sync
# emerge -pv '>=x11-terms/multi-gnome-terminal-1.6.2-r1'
# emerge '>=x11-terms/multi-gnome-terminal-1.6.2-r1'

Risk factor :


Family: Gentoo Local Security Checks

Nessus Plugin ID: 14669 (gentoo_GLSA-200409-10.nasl)

Bugtraq ID:


Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now