For full details please see http://bugs.debian.org/329156 Extracts from above: Paul Szabo <psz@xxxxxxxxxxxxxxxxx>: gnome-pty-helper can be made to write utmp/wtmp records with arbitrary DISPLAY (host) settings. ... ... I do not know any root escalation methods. ... cannot think of any "important" uses of utmp/wtmp files. ... Steve Langasek, Debian Developer: Hmm... After rereading the definition at <http://www.debian.org/Bugs/Developer#severities>, I guess there's no reason for this bug to not fall under the description of 'critical', since the security hole is present just from the installation of the package. Lo=EFc Minier: This vulnerability is identified as CAN-2005-0023. The upstream developers of vte have been notified of the bug at: <http://bugzilla.gnome.org/show_bug.cgi?id=317312> Martin Schulze (Joey): being able to write arbitrary strings into valid records without overwriting any other data in utmp/wtmp can hardly be classified as a security vulnerability. ... Ok, so unless somebody proves us wrong we don't consider this a security problem. Cheers, Paul Szabo psz@xxxxxxxxxxxxxxxxx http://www.maths.usyd.edu.au/u/psz/ School of Mathematics and Statistics University of Sydney Australia
