<<< Date Index >>>     <<< Thread Index >>>

gnome-pty-helper writes arbitrary utmp records



For full details please see

  http://bugs.debian.org/329156

Extracts from above:

 Paul Szabo <psz@xxxxxxxxxxxxxxxxx>:
  gnome-pty-helper can be made to write utmp/wtmp records with arbitrary
  DISPLAY (host) settings. ...
  ...
  I do not know any root escalation methods. ... cannot think of any
  "important" uses of utmp/wtmp files. ...

 Steve Langasek, Debian Developer:
  Hmm... After rereading the definition at
  <http://www.debian.org/Bugs/Developer#severities>, I guess there's no
  reason for this bug to not fall under the description of 'critical',
  since the security hole is present just from the installation of the
  package.

 Lo=EFc Minier:
  This vulnerability is identified as CAN-2005-0023.  The upstream
  developers of vte have been notified of the bug at:
    <http://bugzilla.gnome.org/show_bug.cgi?id=317312>

 Martin Schulze (Joey):
  being able to write arbitrary strings into valid records without
  overwriting any other data in utmp/wtmp can hardly be classified
  as a security vulnerability.
  ...
  Ok, so unless somebody proves us wrong we don't consider this a
  security problem.

Cheers,

Paul Szabo   psz@xxxxxxxxxxxxxxxxx   http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics   University of Sydney    Australia