251320 – (CVE-2008-5394) sys-apps/shadow utmp group symlink attack (CVE-2008-5394)

Bug 251320 (CVE-2008-5394) - sys-apps/shadow utmp group symlink attack (CVE-2008-5394)

Summary: sys-apps/shadow utmp group symlink attack (CVE-2008-5394)

Status:	RESOLVED FIXED

Alias:	CVE-2008-5394

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	High normal (vote)
Assignee:	Gentoo Security

URL:	http://bugs.debian.org/cgi-bin/bugrep...
Whiteboard:	B3 [glsa]
Keywords:

Depends on:
Blocks:

Reported:	2008-12-17 16:02 UTC by Robert Buchholz (RETIRED)
Modified:	2009-03-10 22:44 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Robert Buchholz (RETIRED) gentoo-dev

2008-12-17 16:02:33 UTC

CVE-2008-5394 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5394):
  /bin/login in shadow 4.0.18.1 in Debian GNU/Linux, and probably other
  Linux distributions, allows local users in the utmp group to
  overwrite arbitrary files via a symlink attack on a temporary file
  referenced in a line (aka ut_line) field in a utmp entry.

Comment 1 SpanKY gentoo-dev

2008-12-25 21:39:59 UTC

this is already fixed in shadow 4.1.2.2 ... i dont know of any reason to keep it from going stable

Comment 2 Stefan Behte (RETIRED) gentoo-dev

2009-01-23 12:04:31 UTC

base-system, please advice.

Comment 3 Diego Elio Pettenò (RETIRED) gentoo-dev

2009-01-23 12:11:26 UTC

Nothing against it going stable either, it's clear from the PAM standpoint.

Comment 4 Stefan Behte (RETIRED) gentoo-dev

2009-01-24 22:46:54 UTC

Arches, please test and mark stable:
=sys-apps/shadow-4.1.2.2
Target keywords : "alpha amd64 arm hppa ia64 m68k ppc ppc64 s390 sh sparc x86"

Comment 5 Markus Meier gentoo-dev

2009-01-25 13:57:20 UTC

amd64/x86 stable

Comment 6 Brent Baude (RETIRED) gentoo-dev

2009-01-25 14:21:30 UTC

ppc64 done

Comment 7 Tobias Klausmann (RETIRED) gentoo-dev

2009-01-25 14:28:04 UTC

Stable on alpha.

Comment 8 Ferris McCormick (RETIRED) gentoo-dev

2009-01-26 13:10:10 UTC

Sparc stable.

Comment 9 Jeroen Roovers (RETIRED) gentoo-dev

2009-01-26 16:33:08 UTC

Stable for HPPA.

Comment 10 Tobias Scherbaum (RETIRED) gentoo-dev

2009-02-01 21:06:21 UTC

ppc stable

Comment 11 Raúl Porcel (RETIRED) gentoo-dev

2009-02-02 19:35:23 UTC

ia64 stable, and the other arches are done

Comment 12 Robert Buchholz (RETIRED) gentoo-dev

2009-02-12 19:16:09 UTC

vote: YES

Comment 13 Stefan Behte (RETIRED) gentoo-dev

2009-02-12 19:42:05 UTC

Yes, too. Request filed.

Comment 14 Pierre-Yves Rofes (RETIRED) gentoo-dev

2009-03-10 22:44:20 UTC

GLSA 200903-24