SplitVT: Privilege escalation
1.
Gentoo Linux Security Advisory
Version Information
| Advisory Reference |
GLSA 200803-05 / splitvt |
| Release Date |
March 03, 2008 |
| Latest Revision |
March 03, 2008: 01 |
| Impact |
high |
| Exploitable |
local |
| Package |
Vulnerable versions |
Unaffected versions |
Architecture(s) |
| app-misc/splitvt |
<
1.6.6-r1 |
>=
1.6.6-r1 |
All supported architectures
|
Related bugreports:
#211240
Synopsis
A vulnerability in SplitVT may allow local users to gain escalated
privileges.
2.
Impact Information
Background
SplitVT is a program for splitting terminals into two shells.
Description
Mike Ashton reported that SplitVT does not drop group privileges before
executing the xprop utility.
Impact
A local attacker could exploit this vulnerability to gain the "utmp"
group privileges.
3.
Resolution Information
Workaround
There is no known workaround at this time.
Resolution
All SplitVT users should upgrade to the latest version:
Code Listing 3.1: Resolution |
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-misc/splitvt-1.6.6-r1"
|
4.
References
|
