<?xml version="1.0" encoding="utf-8"?>
<glsa id="200903-24">
<title>Shadow: Privilege escalation</title>
Insecure temporary file usage in Shadow may allow local users to gain
root privileges.
<product type="ebuild">shadow</product>
<announced>March 10, 2009</announced>
<revised>March 10, 2009: 01</revised>
<package name="sys-apps/shadow" auto="yes" arch="*">
<unaffected range="ge"></unaffected>
<vulnerable range="lt"></vulnerable>
Shadow is a set of tools to deal with user accounts.
Paul Szabo reported a race condition in the "login" executable when
setting up tty permissions.
<impact type="high">
A local attacker belonging to the "utmp" group could use symlink
attacks to overwrite arbitrary files and possibly gain root privileges.
There is no known workaround at this time.
All Shadow users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose &quot;&gt;=sys-apps/shadow-;</code>
<uri link="">CVE-2008-5394</uri>
<metadata tag="requester" timestamp="Thu, 12 Feb 2009 19:41:17 +0000">
<metadata tag="submitter" timestamp="Sun, 08 Mar 2009 19:05:06 +0000">
<metadata tag="bugReady" timestamp="Sun, 08 Mar 2009 19:05:15 +0000">