On Tue, Sep 20, 2005 at 09:01:20AM +1000, Paul Szabo wrote: > Package: libzvt2 > Version: 1.4.2-19 > Severity: critical > File: /usr/sbin/gnome-pty-helper > Justification: root security hole
> gnome-pty-helper can be made to write utmp/wtmp records with arbitrary > DISPLAY (host) settings. I am not sure if it can be tricked into erasing > existing records. Why is this filed at severity: critical? What is the attack vector here which permits root privilege escalation? -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. [EMAIL PROTECTED] http://www.debian.org/
signature.asc
Description: Digital signature