[<prev] [next>] [day] [month] [year] [list]
Message-ID: <200510072129.j97LTN82011208@pisa.maths.usyd.edu.au>
Date: Fri Oct 7 22:29:34 2005
From: psz at maths.usyd.edu.au (Paul Szabo)
Subject: gnome-pty-helper writes arbitrary utmp records
For full details please see
http://bugs.debian.org/329156
Extracts from above:
Paul Szabo <psz@...hs.usyd.edu.au>:
gnome-pty-helper can be made to write utmp/wtmp records with arbitrary
DISPLAY (host) settings. ...
...
I do not know any root escalation methods. ... cannot think of any
"important" uses of utmp/wtmp files. ...
Steve Langasek, Debian Developer:
Hmm... After rereading the definition at
<http://www.debian.org/Bugs/Developer#severities>, I guess there's no
reason for this bug to not fall under the description of 'critical',
since the security hole is present just from the installation of the
package.
Lo=EFc Minier:
This vulnerability is identified as CAN-2005-0023. The upstream
developers of vte have been notified of the bug at:
<http://bugzilla.gnome.org/show_bug.cgi?id=317312>
Martin Schulze (Joey):
being able to write arbitrary strings into valid records without
overwriting any other data in utmp/wtmp can hardly be classified
as a security vulnerability.
...
Ok, so unless somebody proves us wrong we don't consider this a
security problem.
Cheers,
Paul Szabo psz@...hs.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics University of Sydney Australia
Powered by blists - more mailing lists