Bugtraq mailing list archives
gnome-pty-helper writes arbitrary utmp records
From: Paul Szabo <psz () maths usyd edu au>
Date: Sat, 8 Oct 2005 07:29:23 +1000
For full details please see http://bugs.debian.org/329156

Extracts from above:

Paul Szabo <psz () maths usyd edu au>:

gnome-pty-helper can be made to write utmp/wtmp records with arbitrary DISPLAY (host) settings. ...
... I do not know any root escalation methods. ... cannot think of any "important" uses of utmp/wtmp files. ...

Steve Langasek, Debian Developer:

Hmm... After rereading the definition at <http://www.debian.org/Bugs/Developer#severities>, I guess there's no reason for this bug to not fall under the description of 'critical', since the security hole is present just from the installation of the package.

Loïc Minier:

This vulnerability is identified as CAN-2005-0023. The upstream developers of vte have been notified of the bug at: <http://bugzilla.gnome.org/show_bug.cgi?id=317312>

Martin Schulze (Joey):

being able to write arbitrary strings into valid records without overwriting any other data in utmp/wtmp can hardly be classified as a security vulnerability. ... Ok, so unless somebody proves us wrong we don't consider this a security problem.

Cheers,

Paul Szabo   psz () maths usyd edu au   http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics   University of Sydney   Australia
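An added example, not part of the original post or of the vte/gnome-pty-helper code: since the message says the host field of these records can be set arbitrarily, a consumer of utmp/wtmp can treat `ut_host` as untrusted and list pty sessions whose host is not display-like. The 384-byte glibc/Linux record layout, the display-string policy and every function name here are assumptions, and the sample records are constructed in memory.

```python
import re
import struct

# Assumed layout: glibc/Linux struct utmp, 384 bytes, little-endian.
UTMP = struct.Struct("<h2xi32s4s32s256s2h3i4i20s")
USER_PROCESS = 7  # ut_type of a live login session

# Assumed site policy: a terminal emulator's ut_host is an X display,
# optionally with a host part, e.g. ":0", ":0.0", "desk1:10.0".
DISPLAY_RE = re.compile(r"[A-Za-z0-9._-]{0,64}:\d{1,4}(\.\d{1,2})?")


def _cstr(raw):
    """Decode a NUL-padded fixed-width field."""
    return raw.split(b"\0", 1)[0].decode("latin-1")


def parse_utmp(blob):
    """Yield (type, pid, line, user, host) per complete record in blob."""
    for off in range(0, len(blob) - UTMP.size + 1, UTMP.size):
        f = UTMP.unpack_from(blob, off)
        yield f[0], f[1], _cstr(f[2]), _cstr(f[4]), _cstr(f[5])


def unexpected_hosts(blob):
    """Return (line, user, host) for pty sessions whose host is not display-like."""
    return [(line, user, host)
            for typ, _pid, line, user, host in parse_utmp(blob)
            if typ == USER_PROCESS and line.startswith("pts/")
            and host and not DISPLAY_RE.fullmatch(host)]


def make_record(line, user, host, pid=1000):
    """Build one constructed record in memory for the demo (never written to disk)."""
    return UTMP.pack(USER_PROCESS, pid, line.encode(), b"", user.encode(),
                     host.encode(), 0, 0, 0, 0, 0, 0, 0, 0, 0, b"")


# Constructed sample data, not taken from any real system.
SAMPLE = b"".join(make_record(*r) for r in [
    ("pts/0", "alice", ":0.0"),
    ("pts/1", "bob", "trusted.example.org"),
    ("pts/2", "carol", "desk1:10.0"),
    ("pts/3", "dave", "\x1b[2J:0"),
])

if __name__ == "__main__":
    for line, user, host in unexpected_hosts(SAMPLE):
        # repr() escapes control bytes so the report itself stays safe to view
        print(f"{line} {user}: unexpected ut_host {host!r}")
```

Remote logins such as ssh sessions legitimately carry a host name on pts lines, so the output is a review list rather than an alert.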