Bug#329156: /usr/sbin/gnome-pty-helper: writes arbitrary utmp
records
Steve Langasek
vorlon at debian.org
Tue Sep 20 04:17:10 UTC 2005
On Tue, Sep 20, 2005 at 11:05:10AM +1000, Paul Szabo wrote:
> >> gnome-pty-helper can be made to write utmp/wtmp records with arbitrary
> >> DISPLAY (host) settings. I am not sure if it can be tricked into erasing
> >> existing records.
> > Why is this filed at severity: critical? What is the attack vector here
> > which permits root privilege escalation?
> I do not know any root escalation methods. When using reportbug, those
> options seemed to fit best, apologies if they were not; please change if
> appropriate. (For future reference: which options should I have used
> instead?)
Hmm... After rereading the definition at
<http://www.debian.org/Bugs/Developer#severities>, I guess there's no reason
for this bug to not fall under the description of 'critical', since the
security hole is present just from the installation of the package.
Cheers,
--
Steve Langasek Give me a lever long enough and a Free OS
Debian Developer to set it on, and I can move the world.
vorlon at debian.org http://www.debian.org/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.alioth.debian.org/pipermail/pkg-gnome-maintainers/attachments/20050919/ba88b68c/attachment-0001.pgp
More information about the Pkg-gnome-maintainers
mailing list