Rapid7 Vulnerability & Exploit Database

RHSA-2010:0181: brltty security and bug fix update

Severity: 7
CVSS: (AV:L/AC:M/Au:N/C:C/I:C/A:C)
Published: 04/05/2010
Created: 07/25/2018
Added: 04/06/2010
Modified: 07/04/2017

Description

brltty (Braille TTY) is a background process (daemon) which provides access to the Linux console (when in text mode) for a blind person using a refreshable braille display. It drives the braille display, and provides complete screen review functionality.

It was discovered that a brltty library had an insecure relative RPATH (runtime library search path) set in the ELF (Executable and Linking Format) header. A local user able to convince another user to run an application using brltty in an attacker-controlled directory, could run arbitrary code with the privileges of the victim. (CVE-2008-3279)

These updated packages also provide fixes for the following bugs:

Creating screen inspection device /dev/vcsa...done.

was presented at the console. This was inadequate, especially during the initial install of the system. These updated packages do not send any message to the console during installation. (BZ#529163)

All brltty users are advised to upgrade to these updated packages, which resolve these issues.
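To verify that installed libraries no longer carry the relative RPATH condition described above, the following added example (not code from Red Hat, Rapid7 or the brltty project) flags RPATH/RUNPATH entries that resolve against the working directory. It assumes binutils `readelf` is installed; the function names and the sample output are constructed for illustration.

```python
import os
import re
import subprocess
import sys

# RPATH/RUNPATH lines as printed by `readelf -d` in the C locale, e.g.
#  0x000000000000000f (RPATH)    Library rpath: [/usr/lib64:../lib]
_DYN_RE = re.compile(r"\((RPATH|RUNPATH)\)\s+Library (?:rpath|runpath): \[(.*)\]")

# Constructed sample output (not taken from any brltty package).
SAMPLE = """\
 0x0000000000000001 (NEEDED)             Shared library: [libc.so.6]
 0x000000000000000f (RPATH)              Library rpath: [/usr/lib64:../lib:]
 0x000000000000001d (RUNPATH)            Library runpath: [$ORIGIN/../lib:/opt/app/lib]
"""

def parse_search_paths(readelf_output):
    """Return [(tag, [entry, ...])] for every RPATH/RUNPATH line."""
    return [(m.group(1), m.group(2).split(":"))
            for m in _DYN_RE.finditer(readelf_output)]

def is_cwd_relative(entry):
    """True if the entry would be resolved against the working directory."""
    if entry == "":
        return True   # empty element: can be read as the current directory
    if entry.startswith(("$ORIGIN", "${ORIGIN}")):
        return False  # anchored to the object's own location, not the cwd
    return not entry.startswith("/")

def findings(readelf_output):
    """List (tag, entry) pairs that depend on the working directory."""
    return [(tag, entry)
            for tag, entries in parse_search_paths(readelf_output)
            for entry in entries if is_cwd_relative(entry)]

def audit_file(path):
    """Run readelf on one file; non-ELF input simply yields no findings."""
    env = {**os.environ, "LC_ALL": "C"}  # keep the output untranslated
    proc = subprocess.run(["readelf", "-d", path], env=env,
                          capture_output=True, text=True, check=False)
    return findings(proc.stdout)

if __name__ == "__main__":
    for target in sys.argv[1:] or [None]:
        hits = findings(SAMPLE) if target is None else audit_file(target)
        for tag, entry in hits:
            print(f"{target or 'SAMPLE'}: {tag} entry {entry!r} depends on the cwd")
```

Pass library or executable paths as arguments to audit them; with no arguments the script runs against the constructed sample.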

Solution(s)

  • redhat-upgrade-brlapi
  • redhat-upgrade-brlapi-devel
  • redhat-upgrade-brltty
