lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <200510072129.j97LTN82011208@pisa.maths.usyd.edu.au>
Date: Sat, 8 Oct 2005 07:29:23 +1000
From: Paul Szabo <psz@...hs.usyd.edu.au>
To: bugtraq@...urityfocus.com, full-disclosure@...ts.grok.org.uk
Subject: gnome-pty-helper writes arbitrary utmp records


For full details please see

  http://bugs.debian.org/329156

Extracts from above:

 Paul Szabo <psz@...hs.usyd.edu.au>:
  gnome-pty-helper can be made to write utmp/wtmp records with arbitrary
  DISPLAY (host) settings. ...
  ...
  I do not know any root escalation methods. ... cannot think of any
  "important" uses of utmp/wtmp files. ...

 Steve Langasek, Debian Developer:
  Hmm... After rereading the definition at
  <http://www.debian.org/Bugs/Developer#severities>, I guess there's no
  reason for this bug to not fall under the description of 'critical',
  since the security hole is present just from the installation of the
  package.

 Lo=EFc Minier:
  This vulnerability is identified as CAN-2005-0023.  The upstream
  developers of vte have been notified of the bug at:
    <http://bugzilla.gnome.org/show_bug.cgi?id=317312>

 Martin Schulze (Joey):
  being able to write arbitrary strings into valid records without
  overwriting any other data in utmp/wtmp can hardly be classified
  as a security vulnerability.
  ...
  Ok, so unless somebody proves us wrong we don't consider this a
  security problem.

Cheers,

Paul Szabo   psz@...hs.usyd.edu.au   http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics   University of Sydney    Australia
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ