Bug 211240 (CVE-2008-0162) - app-misc/splitvt <=1.6.6 "xprop" Privilege Escalation Security Issue (CVE-2008-0162)
Status: RESOLVED FIXED
Alias: CVE-2008-0162
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High major
Assignee: Gentoo Security
URL: http://secunia.com/advisories/29080
Whiteboard: B1 [glsa]
Reported: 2008-02-24 09:01 UTC by Lars Hartmann
Modified: 2008-03-03 21:23 UTC
Description Lars Hartmann 2008-02-24 09:01:34 UTC
A security issue has been reported in SplitVT, which can be exploited by malicious, local users to gain escalated privileges.

The security issue is caused due to the program maintaining group privileges while executing the "xprop" utility. This can be exploited by malicious, local users to gain "utmp" group privileges.

The security issue is reported in versions 1.6.5 and 1.6.6. Other versions may also be affected.

Solution:
Apply the patch from Debian: http://www.debian.org/security/2008/dsa-1500
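
The defensive pattern for the issue class described above (a setgid program running a helper without first giving up its extra group), shown as an added example; it is not part of the original report and is not the Debian or Gentoo patch. The function names are hypothetical, `/bin/sh` stands in for the helper, and the saved-gid behaviour of `setregid` assumed in the comments is that of Linux.

```c
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Permanently give up a setgid-acquired group (e.g. "utmp"): real, effective
 * and saved gid all become the invoking user's gid. Returns 0 on success. */
int drop_group_privs(void)
{
    gid_t rgid = getgid(), old_egid = getegid();

    if (setregid(rgid, rgid) != 0)   /* on Linux this also resets the saved gid */
        return -1;
    if (getgid() != rgid || getegid() != rgid)
        return -1;
    /* If we held an extra group, regaining it must now fail. */
    if (old_egid != rgid && setegid(old_egid) == 0)
        return -1;
    return 0;
}

/* Run a helper in a child that drops group privileges before exec.
 * argv[0] must be an absolute path (no PATH lookup in privileged code).
 * Returns the helper's exit status, 126/127 on drop/exec failure, -1 on error. */
int run_helper_unprivileged(char *const argv[])
{
    int status;
    pid_t pid = fork();

    if (pid < 0)
        return -1;
    if (pid == 0) {
        if (drop_group_privs() != 0)
            _exit(126);              /* refuse to run the helper privileged */
        execv(argv[0], argv);
        _exit(127);                  /* exec failed */
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    /* Constructed stand-in for the helper; splitvt's helper is "xprop". */
    char *const argv[] = { "/bin/sh", "-c", "id -g", NULL };
    int rc = run_helper_unprivileged(argv);

    printf("helper exit status: %d\n", rc);
    return rc == 0 ? 0 : 1;
}
```

Dropping in the child keeps the parent's group for whatever it legitimately needs it for, while the helper only ever sees the invoking user's gid.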
Comment 1 Lars Hartmann 2008-02-24 09:03:18 UTC
Maintainers, please provide an updated ebuild.
Comment 2 Peter Volkov (RETIRED) gentoo-dev 2008-02-25 08:15:24 UTC
app-misc/splitvt-1.6.6-r1 is in the tree and includes a fix for this bug.
Comment 3 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2008-02-25 20:30:22 UTC
Arches please test and mark stable. Target keywords are:

splitvt-1.6.6-r1.ebuild:KEYWORDS="~amd64 ~ia64 ppc sparc x86"
Comment 4 Christian Faulhammer (RETIRED) gentoo-dev 2008-02-25 21:13:01 UTC
x86 stable
Comment 5 Raúl Porcel (RETIRED) gentoo-dev 2008-02-26 14:48:50 UTC
sparc stable
Comment 6 Tobias Scherbaum (RETIRED) gentoo-dev 2008-02-26 17:31:33 UTC
ppc stable
Comment 7 Peter Volkov (RETIRED) gentoo-dev 2008-02-26 20:22:07 UTC
Fixed in release snapshot.
Comment 8 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2008-02-26 20:35:20 UTC
Request filed.
Comment 9 Pierre-Yves Rofes (RETIRED) gentoo-dev 2008-03-03 21:23:39 UTC
GLSA 200803-05