Comment 5 for bug 22052

Message-ID: <email address hidden>
Date: Mon, 19 Sep 2005 17:44:05 -0700
From: Steve Langasek <email address hidden>
To: Paul Szabo <email address hidden>, <email address hidden>
Subject: Re: Bug#329156: /usr/sbin/gnome-pty-helper: writes arbitrary utmp records

--YD3LsXFS42OYHhNZ
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Tue, Sep 20, 2005 at 09:01:20AM +1000, Paul Szabo wrote:
> Package: libzvt2
> Version: 1.4.2-19
> Severity: critical
> File: /usr/sbin/gnome-pty-helper
> Justification: root security hole

> gnome-pty-helper can be made to write utmp/wtmp records with arbitrary
> DISPLAY (host) settings. I am not sure if it can be tricked into erasing
> existing records.

Why is this filed at severity: critical? What is the attack vector here
which permits root privilege escalation?

--=20
Steve Langasek Give me a lever long enough and a Free OS
Debian Developer to set it on, and I can move the world.
<email address hidden> http://www.debian.org/

--YD3LsXFS42OYHhNZ
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFDL1tVKN6ufymYLloRAiw2AJ9swavyhKadUyYJcstyPanb5WARhgCggNbM
txoJnEmyWdQGzAiHNOD7PX8=
=+Y4N
-----END PGP SIGNATURE-----

--YD3LsXFS42OYHhNZ--