Richard Cunningham reported this issue to the vendor.
RedHat Enterprise Linux WS 4
RedHat Enterprise Linux ES 4
RedHat Desktop 4.0
Red Hat Fedora Core3
Red Hat Fedora Core2
Red Hat Enterprise Linux AS 4
Red Hat Enterprise Linux is susceptible to an insecure-permissions vulnerability. This issue is due to a flaw in the 'udev' package that improperly creates '/dev/input' files.
This issue allows local attackers to improperly access files in '/dev/input'. This allows them to sniff user-supplied keyboard and mouse input. Information gathered through this issue, such as passwords, will aid malicious users in further attacks.
An exploit is not required.
Red Hat has released advisory RHSA-2005:864-6, along with fixes to address this issue.
Please see the referenced vendor advisories for further information on obtaining fixes.