Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 251320 (CVE-2008-5394) - sys-apps/shadow utmp group symlink attack (CVE-2008-5394)
Summary: sys-apps/shadow utmp group symlink attack (CVE-2008-5394)
Status: RESOLVED FIXED
Alias: CVE-2008-5394
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High normal
Assignee: Gentoo Security
URL: http://bugs.debian.org/cgi-bin/bugrep...
Whiteboard: B3 [glsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2008-12-17 16:02 UTC by Robert Buchholz (RETIRED)
Modified: 2009-03-10 22:44 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Robert Buchholz (RETIRED) gentoo-dev 2008-12-17 16:02:33 UTC 
CVE-2008-5394 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5394):
  /bin/login in shadow 4.0.18.1 in Debian GNU/Linux, and probably other
  Linux distributions, allows local users in the utmp group to
  overwrite arbitrary files via a symlink attack on a temporary file
  referenced in a line (aka ut_line) field in a utmp entry.
Comment 1 SpanKY gentoo-dev 2008-12-25 21:39:59 UTC 
this is already fixed in shadow 4.1.2.2 ... i dont know of any reason to keep it from going stable
Comment 2 Stefan Behte (RETIRED) gentoo-dev Security 2009-01-23 12:04:31 UTC 
base-system, please advice.
Comment 3 Diego Elio Pettenò (RETIRED) gentoo-dev 2009-01-23 12:11:26 UTC 
Nothing against it going stable either, it's clear from the PAM standpoint.
Comment 4 Stefan Behte (RETIRED) gentoo-dev Security 2009-01-24 22:46:54 UTC 
Arches, please test and mark stable:
=sys-apps/shadow-4.1.2.2
Target keywords : "alpha amd64 arm hppa ia64 m68k ppc ppc64 s390 sh sparc x86"
Comment 5 Markus Meier gentoo-dev 2009-01-25 13:57:20 UTC 
amd64/x86 stable
Comment 6 Brent Baude (RETIRED) gentoo-dev 2009-01-25 14:21:30 UTC 
ppc64 done
Comment 7 Tobias Klausmann (RETIRED) gentoo-dev 2009-01-25 14:28:04 UTC 
Stable on alpha.
Comment 8 Ferris McCormick (RETIRED) gentoo-dev 2009-01-26 13:10:10 UTC 
Sparc stable.
Comment 9 Jeroen Roovers (RETIRED) gentoo-dev 2009-01-26 16:33:08 UTC 
Stable for HPPA.
Comment 10 Tobias Scherbaum (RETIRED) gentoo-dev 2009-02-01 21:06:21 UTC 
ppc stable
Comment 11 Raúl Porcel (RETIRED) gentoo-dev 2009-02-02 19:35:23 UTC 
ia64 stable, and the other arches are done
Comment 12 Robert Buchholz (RETIRED) gentoo-dev 2009-02-12 19:16:09 UTC 
vote: YES
Comment 13 Stefan Behte (RETIRED) gentoo-dev Security 2009-02-12 19:42:05 UTC 
Yes, too. Request filed.
Comment 14 Pierre-Yves Rofes (RETIRED) gentoo-dev 2009-03-10 22:44:20 UTC 
GLSA 200903-24