[Full-disclosure] gnome-pty-helper writes arbitrary utmp records
From: Paul Szabo (psz_at_maths.usyd.edu.au)
Date: Sat, 8 Oct 2005 07:29:23 +1000 To: email@example.com, firstname.lastname@example.org
For full details please see
Extracts from above:
Paul Szabo <email@example.com>:
gnome-pty-helper can be made to write utmp/wtmp records with arbitrary
DISPLAY (host) settings. ...
I do not know any root escalation methods. ... cannot think of any
"important" uses of utmp/wtmp files. ...
Steve Langasek, Debian Developer:
Hmm... After rereading the definition at
<http://www.debian.org/Bugs/Developer#severities>, I guess there's no
reason for this bug to not fall under the description of 'critical',
since the security hole is present just from the installation of the
This vulnerability is identified as CAN-2005-0023. The upstream
developers of vte have been notified of the bug at:
Martin Schulze (Joey):
being able to write arbitrary strings into valid records without
overwriting any other data in utmp/wtmp can hardly be classified
as a security vulnerability.
Ok, so unless somebody proves us wrong we don't consider this a
Paul Szabo firstname.lastname@example.org http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics University of Sydney Australia
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/