CVE-2016-10369

HIGH7.8EPSS 0.02%

lxterminal - security update

Published: 5/8/2017Modified: 11/19/2025

Also known as:ALPINE-CVE-2016-10369DEBIAN-CVE-2016-10369

Description

unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

Affected packages (3)

Alpine/lxterminalfrom 0, < 0.3.0-r1
Debian/lxterminalfrom 0, < 0.3.0-2
Debian/lxterminalfrom 0, < 0.1.11-4+deb7u1

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH7.8	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References (2)

ADVISORYhttps://security.alpinelinux.org/vuln/CVE-2016-10369
ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2016-10369