On Tue, Sep 20, 2005 at 09:01:20AM +1000, Paul Szabo wrote:
> Package: libzvt2
> Version: 1.4.2-19
> Severity: critical
> File: /usr/sbin/gnome-pty-helper
> Justification: root security hole
> gnome-pty-helper can be made to write utmp/wtmp records with arbitrary
> DISPLAY (host) settings. I am not sure if it can be tricked into erasing
> existing records.
Why is this filed at severity: critical? What is the attack vector here
which permits root privilege escalation?
--=20
Steve Langasek Give me a lever long enough and a Free OS
Debian Developer to set it on, and I can move the world.
<email address hidden> http://www.debian.org/
--YD3LsXFS42OYHhNZ
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline
Message-ID: <email address hidden> gnome-pty- helper: writes arbitrary utmp records
Date: Mon, 19 Sep 2005 17:44:05 -0700
From: Steve Langasek <email address hidden>
To: Paul Szabo <email address hidden>, <email address hidden>
Subject: Re: Bug#329156: /usr/sbin/
--YD3LsXFS42OYHhNZ Disposition: inline Transfer- Encoding: quoted-printable
Content-Type: text/plain; charset=us-ascii
Content-
Content-
On Tue, Sep 20, 2005 at 09:01:20AM +1000, Paul Szabo wrote: gnome-pty- helper
> Package: libzvt2
> Version: 1.4.2-19
> Severity: critical
> File: /usr/sbin/
> Justification: root security hole
> gnome-pty-helper can be made to write utmp/wtmp records with arbitrary
> DISPLAY (host) settings. I am not sure if it can be tricked into erasing
> existing records.
Why is this filed at severity: critical? What is the attack vector here
which permits root privilege escalation?
--=20 www.debian. org/
Steve Langasek Give me a lever long enough and a Free OS
Debian Developer to set it on, and I can move the world.
<email address hidden> http://
--YD3LsXFS42OYHhNZ pgp-signature; name="signature .asc" Description: Digital signature Disposition: inline
Content-Type: application/
Content-
Content-
-----BEGIN PGP SIGNATURE-----
ufymYLloRAiw2AJ 9swavyhKadUyYJc styPanb5WARhgCg gNbM HNOD7PX8=
Version: GnuPG v1.4.1 (GNU/Linux)
iD8DBQFDL1tVKN6
txoJnEmyWdQGzAi
=+Y4N
-----END PGP SIGNATURE-----
--YD3LsXFS42OYH hNZ--