Gentoo: GLSA 200903-24 High Severity: Shadow Privilege Escalation
gentoo
March 10, 2009
An insecure temporary file usage in Shadow may allow local users to gain root privileges.
Summary
Gentoo Linux Security Advisory GLSA 200903-24
https://security.gentoo.org/
Severity: High
Title: Shadow: Privilege escalation
Date: March 10, 2009
Bugs: #251320
ID: 200903-24
Synopsis
=======
An insecure temporary file usage in Shadow may allow local users to
gain root privileges.
Background
=========
Shadow is a set of tools to deal with user accounts.
Affected packages
================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 sys-apps/shadow < 4.1.2.2 >= 4.1.2.2
==========
Paul Szabo reported a race condition in the "login" executable when
setting up tty permissions.
Impact
=====
A local attacker belonging to the "utmp" group could use symlink
attacks to overwrite arbitrary files a...
Topics Covered
Resolution
References
Availability
style>.gentoo_availability{display:block;}
Concerns
PREVIOUS
NEXT
Topics Covered
Background
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Affected Packages
Impact
Workaround
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!