
Bug 49536

Summary: sys-apps/utempter potential symlink vulnerability
Product: Gentoo Security
Reporter: gen2daniel <gen2daniel>
Component: GLSA Errors
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: critical
CC: greg_g, seemant
Priority: High
Flags: klieber: Assigned_To? (klieber)
Version: unspecified
Hardware: All
OS: Linux
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0233
Whiteboard:
Package list:
Runtime testing required: ---

Description gen2daniel 2004-04-30 13:45:34 UTC
Steve Grubb discovered a flaw in Utempter which allowed device names
containing directory traversal sequences such as '/../'.  In combination
with an application that trusts the utmp or wtmp files, this could allow a
local attacker the ability to overwrite privileged files using a symlink.

Users should upgrade to this new version of utempter, which fixes this
vulnerability.

Reproducible: Always
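The description above explains the mechanism: a tty name such as `pts/../../some/path` is stored verbatim in the utmp/wtmp line field, and any program that later builds a `/dev/<line>` path from that record can be redirected through a symlink. The following is an added example, not utempter's own code or the fix referenced in this bug: a validator that a privileged utmp writer could apply to the line name before recording it, rejecting absolute paths, empty components and the `.`/`..` traversal components the description mentions. The function name and the sample inputs are constructed here; the 32-byte limit is taken from the size of `ut_line` in glibc's `struct utmp`.

```c
#include <stdio.h>
#include <string.h>

/* Size of ut_line in glibc's struct utmp (UT_LINESIZE); names must fit with room for NUL. */
#define LINE_MAX_LEN 32

/*
 * Returns 1 if `line` is an acceptable tty name relative to /dev (e.g. "tty1", "pts/3"),
 * 0 otherwise. Rejects: NULL/empty/over-long names, a leading '/', empty path
 * components ("pts//3", trailing '/'), the components "." and "..", and control bytes.
 */
int utempter_line_ok(const char *line)
{
    size_t len;
    const char *p, *comp;

    if (line == NULL)
        return 0;
    len = strlen(line);
    if (len == 0 || len >= LINE_MAX_LEN)
        return 0;
    if (line[0] == '/')            /* must stay relative to /dev */
        return 0;

    comp = line;                   /* start of the current path component */
    for (p = line; ; p++) {
        if (*p == '/' || *p == '\0') {
            size_t clen = (size_t)(p - comp);
            if (clen == 0)                                   /* "a//b" or trailing '/' */
                return 0;
            if (clen == 1 && comp[0] == '.')                 /* "." component */
                return 0;
            if (clen == 2 && comp[0] == '.' && comp[1] == '.') /* ".." component */
                return 0;
            if (*p == '\0')
                break;
            comp = p + 1;
        } else if ((unsigned char)*p < 0x20 || *p == 0x7f) {
            return 0;              /* control characters have no place in a device name */
        }
    }
    return 1;
}

int main(void)
{
    /* Constructed sample line names: the first two are legitimate, the rest must be refused. */
    static const char *samples[] = {
        "tty1", "pts/3",
        "pts/../../etc/passwd", "../tmp/x", "/dev/pts/3", "pts//3", "pts/.", "pts/3/", ""
    };
    size_t i;
    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-24s -> %s\n", samples[i], utempter_line_ok(samples[i]) ? "accept" : "reject");
    return 0;
}
```

The check is deliberately a pure string rule rather than a `realpath()` comparison: it can run before any file is opened, needs no filesystem access, and fails closed on anything that is not a plain relative name under `/dev`.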
Comment 1 Donnie Berkholz (RETIRED) gentoo-dev 2004-05-02 10:04:46 UTC
I'll look into this and try to get it updated today or tomorrow at the latest.

Comment 2 Seemant Kulleen (RETIRED) gentoo-dev 2004-05-03 14:16:12 UTC
5.5.4 added into portage -- amd64 and arm people, please mark stable and let us know when you have.

Comment 3 SpanKY gentoo-dev 2004-05-03 14:28:47 UTC
arm stable ;)

Comment 4 Thierry Carrez (RETIRED) gentoo-dev 2004-05-10 05:10:16 UTC
Still waiting for amd64 to mark stable.

Comment 5 Jon Portnoy (RETIRED) gentoo-dev 2004-05-10 09:05:24 UTC
Done.

Comment 6 Thierry Carrez (RETIRED) gentoo-dev 2004-05-10 11:51:42 UTC
Thanks. This one is now ready for a GLSA.

Comment 7 Kurt Lieber (RETIRED) gentoo-dev 2004-05-13 09:34:12 UTC
GLSA 200405-05