Comment 1 for bug 22887
Revision history for this message
|
|
#1 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
0f7b58d
(Get the code!)
On Tue, Sep 20, 2005 at 09:01:20AM +1000, Paul Szabo wrote:
> Package: libzvt2
> Version: 1.4.2-19
> Severity: critical
> File: /usr/sbin/
> Justification: root security hole
> gnome-pty-helper can be made to write utmp/wtmp records with arbitrary
> DISPLAY (host) settings. I am not sure if it can be tricked into erasing
> existing records.
Why is this filed at severity: critical? What is the attack vector here
which permits root privilege escalation?
--
Steve Langasek Give me a lever long enough and a Free OS
Debian Developer to set it on, and I can move the world.
<email address hidden> http://