Gentoo Logo

Shadow: Privilege escalation

Content:

1.  Gentoo Linux Security Advisory

Version Information

Advisory Reference GLSA 200903-24 / shadow
Release Date March 10, 2009
Latest Revision March 10, 2009: 01
Impact high
Exploitable local
Package Vulnerable versions Unaffected versions Architecture(s)
sys-apps/shadow < 4.1.2.2 >= 4.1.2.2 All supported architectures

Related bugreports: #251320

Synopsis

An insecure temporary file usage in Shadow may allow local users to gain root privileges.

2.  Impact Information

Background

Shadow is a set of tools to deal with user accounts.

Description

Paul Szabo reported a race condition in the "login" executable when setting up tty permissions.

Impact

A local attacker belonging to the "utmp" group could use symlink attacks to overwrite arbitrary files and possibly gain root privileges.

3.  Resolution Information

Workaround

There is no known workaround at this time.

Resolution

All Shadow users should upgrade to the latest version:

Code Listing 3.1: Resolution

# emerge --sync
# emerge --ask --oneshot --verbose ">=sys-apps/shadow-4.1.2.2"

4.  References

Print

Page updated March 10, 2009

Summary: This is a Gentoo Linux Security Advisory

Security Team
Contact Address

Donate to support our development efforts.

Copyright 2001-2013 Gentoo Foundation, Inc. Questions, Comments? Contact us.