GLSA Advocate
Joined: 12 May 2004 Posts: 2663
|
Posted: Mon Mar 03, 2008 10:26 pm Post subject: [ GLSA 200803-05 ] SplitVT: Privilege escalation |
|
|
Gentoo Linux Security Advisory
Title: SplitVT: Privilege escalation (GLSA 200803-05)
Severity: high
Exploitable: local
Date: March 03, 2008
Bug(s): #211240
ID: 200803-05
Synopsis
A vulnerability in SplitVT may allow local users to gain escalated privileges.
Background
SplitVT is a program for splitting terminals into two shells.
Affected Packages
Package: app-misc/splitvt
Vulnerable: < 1.6.6-r1
Unaffected: >= 1.6.6-r1
Architectures: All supported architectures
Description
Mike Ashton reported that SplitVT does not drop group privileges before executing the xprop utility.
Impact
A local attacker could exploit this vulnerability to gain the "utmp" group privileges.
Workaround
There is no known workaround at this time.
Resolution
All SplitVT users should upgrade to the latest version: Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=app-misc/splitvt-1.6.6-r1" |
References
CVE-2008-0162 |
|