Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

gnome-pty-helper writes arbitrary utmp records
From: Paul Szabo <psz () maths usyd edu au>
Date: Sat, 8 Oct 2005 07:29:23 +1000

For full details please see

  http://bugs.debian.org/329156

Extracts from above:

 Paul Szabo <psz () maths usyd edu au>:
  gnome-pty-helper can be made to write utmp/wtmp records with arbitrary
  DISPLAY (host) settings. ...
  ...
  I do not know any root escalation methods. ... cannot think of any
  "important" uses of utmp/wtmp files. ...

 Steve Langasek, Debian Developer:
  Hmm... After rereading the definition at
  <http://www.debian.org/Bugs/Developer#severities>, I guess there's no
  reason for this bug to not fall under the description of 'critical',
  since the security hole is present just from the installation of the
  package.

 Lo=EFc Minier:
  This vulnerability is identified as CAN-2005-0023.  The upstream
  developers of vte have been notified of the bug at:
    <http://bugzilla.gnome.org/show_bug.cgi?id=317312>

 Martin Schulze (Joey):
  being able to write arbitrary strings into valid records without
  overwriting any other data in utmp/wtmp can hardly be classified
  as a security vulnerability.
  ...
  Ok, so unless somebody proves us wrong we don't consider this a
  security problem.

Cheers,

Paul Szabo   psz () maths usyd edu au   http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics   University of Sydney    Australia
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
  • gnome-pty-helper writes arbitrary utmp records Paul Szabo (Oct 07)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault