Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 211240 (CVE-2008-0162)

Summary: app-misc/splitvt <=1.6.6 "xprop" Privilege Escalation Security Issue (CVE-2008-0162)
Product: Gentoo Security Reporter: Lars Hartmann <lars>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Severity: major CC: shell-tools
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: B1 [glsa]
Package list:
Runtime testing required: ---

Description Lars Hartmann 2008-02-24 09:01:34 UTC
A security issue has been reported in SplitVT, which can be exploited by malicious, local users to gain escalated privileges.

The security issue is caused due to the program maintaining group privileges while executing the "xprop" utility. This can be exploited by malicious, local users to gain "utmp" group privileges.

The security issue is reported in versions 1.6.5 and 1.6.6. Other versions may also be affected.

apply the patch from debian from
Comment 1 Lars Hartmann 2008-02-24 09:03:18 UTC
maintainers - please provide an updated ebuild
Comment 2 Peter Volkov (RETIRED) gentoo-dev 2008-02-25 08:15:24 UTC
app-misc/splitvt-1.6.6-r1 is in the tree and includes fix for this bug.
Comment 3 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2008-02-25 20:30:22 UTC
Arches please test and mark stable. Target keywords are:

splitvt-1.6.6-r1.ebuild:KEYWORDS="~amd64 ~ia64 ppc sparc x86"
Comment 4 Christian Faulhammer (RETIRED) gentoo-dev 2008-02-25 21:13:01 UTC
x86 stable
Comment 5 Raúl Porcel (RETIRED) gentoo-dev 2008-02-26 14:48:50 UTC
sparc stable
Comment 6 Tobias Scherbaum (RETIRED) gentoo-dev 2008-02-26 17:31:33 UTC
ppc stable
Comment 7 Peter Volkov (RETIRED) gentoo-dev 2008-02-26 20:22:07 UTC
Fixed in release snapshot.
Comment 8 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2008-02-26 20:35:20 UTC
Request filed.
Comment 9 Pierre-Yves Rofes (RETIRED) gentoo-dev 2008-03-03 21:23:39 UTC
GLSA 200803-05