GLSA Bodhisattva
Posted: Thu May 13, 2004 4:37 pm Post subject: [ GLSA 200405-05 ] Utempter symlink vulnerability
Gentoo Linux Security Advisory
Title: Utempter symlink vulnerability (GLSA 200405-05)
Severity: normal
Exploitable: local
Date: May 13, 2004
Bug(s): #49536
ID: 200405-05
Synopsis
Utempter contains a vulnerability that may allow local users to overwrite arbitrary files via a symlink attack.
Background
Utempter is an application that allows non-privileged apps to write utmp (login) info, which otherwise needs root access.
Affected Packages
Package: sys-apps/utempter
Vulnerable: < 0.5.5.4
Unaffected: >= 0.5.5.4
Architectures: All supported architectures
Description
Utempter contains a vulnerability that may allow local users to overwrite arbitrary files via a symlink attack.
Impact
This vulnerability may allow arbitrary files to be overwritten with root privileges.
Workaround
There is no known workaround at this time. All users are advised to upgrade to the latest available version of utempter.
Resolution
All users of utempter should upgrade to the latest stable version:
Code:
# emerge sync
# emerge -pv ">=sys-apps/utempter-0.5.5.4"
# emerge ">=sys-apps/utempter-0.5.5.4"
References
CAN-2004-0233
Last edited by GLSA on Sun May 07, 2006 4:51 pm; edited 1 time in total
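The advisory gives no code-level detail, so the following is an added illustration of the general bug class it names (a privileged writer following a symlink), not utempter's code or the upstream fix. The function names open_naive, open_nofollow and symlink_selftest are hypothetical, and the self-test works only on constructed files in its own temporary directory.

```c
#define _GNU_SOURCE            /* mkdtemp, O_NOFOLLOW, O_CLOEXEC */
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Unsafe pattern: open() follows a symlink planted at `path`, so a
   privileged writer truncates whatever file the link points to. */
int open_naive(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Hardened pattern: refuse a symlink in the final path component, do not
   truncate on open, and accept only a regular file with one hard link. */
int open_nofollow(const char *path) {
    struct stat st;
    int fd = open(path, O_WRONLY | O_CREAT | O_NOFOLLOW | O_NONBLOCK | O_CLOEXEC, 0600);
    if (fd < 0) return -1;
    if (fstat(fd, &st) == 0 && S_ISREG(st.st_mode) && st.st_nlink == 1) return fd;
    close(fd);
    return -1;
}

/* Constructed self-test inside a private mkdtemp() directory.
   Bit 0: naive open followed the link and emptied the target.
   Bit 1: hardened open refused the link and the target kept its 4 bytes. */
int symlink_selftest(void) {
    char dir[] = "/tmp/symlink-demo-XXXXXX", target[64], lnk[64];
    struct stat st;
    int result = 0;
    if (!mkdtemp(dir)) return -1;
    snprintf(target, sizeof target, "%s/target", dir);
    snprintf(lnk, sizeof lnk, "%s/link", dir);
    if (symlink(target, lnk) != 0) return -1;
    for (int pass = 0; pass < 2; pass++) {
        int fd = open(target, O_WRONLY | O_CREAT | O_TRUNC, 0600);
        if (fd < 0 || write(fd, "data", 4) != 4) return -1;
        close(fd);
        fd = pass == 0 ? open_naive(lnk) : open_nofollow(lnk);
        if (fd >= 0) close(fd);
        if (stat(target, &st) != 0) return -1;
        if (pass == 0 && fd >= 0 && st.st_size == 0) result |= 1;
        if (pass == 1 && fd < 0 && st.st_size == 4) result |= 2;
    }
    unlink(lnk); unlink(target); rmdir(dir);
    return result;
}
int main(void) { printf("selftest = %d\n", symlink_selftest()); return 0; }
```

O_NOFOLLOW only guards the last path component; a privileged writer must also ensure that no parent directory of the path is writable by untrusted users.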