Bug#: 211240
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Reporter: Lars Hartmann <lars@chaotika.org>

Description:   Opened: 2008-02-24 09:01 0000
A security issue has been reported in SplitVT, which can be exploited by
malicious, local users to gain escalated privileges.

The security issue is caused due to the program maintaining group privileges
while executing the "xprop" utility. This can be exploited by malicious, local
users to gain "utmp" group privileges.

The security issue is reported in versions 1.6.5 and 1.6.6. Other versions may
also be affected.

Solution:
Apply the patch from Debian from http://www.debian.org/security/2008/dsa-1500
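
The hardening pattern for the flaw described above, as an added example (it is not the Debian patch or SplitVT's own code): a set-group-ID program permanently gives up its extra group before executing a helper such as xprop. The helper name `run_unprivileged` and the `/bin/sh` stand-in command are assumptions made for illustration.

```c
#define _XOPEN_SOURCE 700
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

/* Permanently give up set-group-ID privilege (for example "utmp").
 * Returns 0 on success, -1 if the privilege could not be dropped. */
int drop_group_privs(void)
{
    gid_t real = getgid();
    gid_t old_eff = getegid();

    /* Setting the real GID also resets the saved set-group-ID. */
    if (setregid(real, real) != 0)
        return -1;
    if (getgid() != real || getegid() != real)
        return -1;
    /* An unprivileged process must not be able to regain the old GID. */
    if (old_eff != real && geteuid() != 0 && setegid(old_eff) == 0)
        return -1;
    return 0;
}

/* Hypothetical helper: run an external program with no inherited
 * set-group-ID privilege. Returns its exit status, or -1 on error. */
int run_unprivileged(const char *path, char *const argv[])
{
    int status;
    pid_t pid = fork();

    if (pid < 0)
        return -1;
    if (pid == 0) {
        if (drop_group_privs() != 0)
            _exit(126);          /* refuse to exec while still privileged */
        execv(path, argv);
        _exit(127);              /* exec failed */
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    /* Constructed stand-in for the xprop call: print the child's group ID. */
    char *const argv[] = { "sh", "-c", "id -g", NULL };
    int rc = run_unprivileged("/bin/sh", argv);
    printf("child exit status: %d\n", rc);
    return rc == 0 ? 0 : 1;
}
```

Installed set-group-ID, the child prints the caller's real group rather than the privileged one, because the drop happens in the child before `execv`.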

------- Comment #1 From Lars Hartmann 2008-02-24 09:03:18 0000 -------
Maintainers - please provide an updated ebuild.

------- Comment #2 From Peter Volkov 2008-02-25 08:15:24 0000 -------
app-misc/splitvt-1.6.6-r1 is in the tree and includes a fix for this bug.

------- Comment #3 From Sune Kloppenborg Jeppesen 2008-02-25 20:30:22 0000 -------
Arches please test and mark stable. Target keywords are:

splitvt-1.6.6-r1.ebuild:KEYWORDS="~amd64 ~ia64 ppc sparc x86"

------- Comment #4 From Christian Faulhammer 2008-02-25 21:13:01 0000 -------
x86 stable

------- Comment #5 From Raúl Porcel 2008-02-26 14:48:50 0000 -------
sparc stable

------- Comment #6 From Tobias Scherbaum 2008-02-26 17:31:33 0000 -------
ppc stable

------- Comment #7 From Peter Volkov 2008-02-26 20:22:07 0000 -------
Fixed in release snapshot.

------- Comment #8 From Sune Kloppenborg Jeppesen 2008-02-26 20:35:20 0000 -------
Request filed.

------- Comment #9 From Pierre-Yves Rofes 2008-03-03 21:23:39 0000 -------
GLSA 200803-05
