Comment 25 for bug 22052

Message-ID: <email address hidden>
Date: Fri, 30 Sep 2005 13:57:58 +0200
From: =?iso-8859-1?Q?Lo=EFc?= Minier <email address hidden>
To: Paul Szabo <email address hidden>, <email address hidden>,
 <email address hidden>
Subject: Re: Bug#329156: /usr/sbin/gnome-pty-helper: writes arbitrary utmp records

tags 329156 + upstream security
forwarded 329156 http://bugzilla.gnome.org/show_bug.cgi?id=3D317312
clone 329156 -1
reassign -1 libvte4
thanks

[ THIS IS A RESEND, PREVIOUS MAIL WAS LOST. ]

        Hi,

On Tue, Sep 20, 2005, Paul Szabo wrote:
> gnome-pty-helper can be made to write utmp/wtmp records with arbitrary
> DISPLAY (host) settings. I am not sure if it can be tricked into erasin=
g
> existing records.

 This vulnerability is identified as CAN-2005-0023. The upstream
 developers of vte have been notified of the bug at:
    <http://bugzilla.gnome.org/show_bug.cgi?id=3D317312>

     Bye,
--=20
Lo=EFc Minier <email address hidden>