Download
| Alert*
oval:org.mitre.oval:def:7801
Paul Szabo discovered that login, the system login tool, did not correctly handle symlinks while setting up tty permissions. If a local attacker were able to gain control of the system utmp file, they could cause login to change the ownership and permissions on arbitrary files, leading to a root pri ... oval:org.secpod.oval:def:300743 A security vulnerability has been identified and fixed in login application from shadow-utils, which could allow local users in the utmp group to overwrite arbitrary files via a symlink attack on a temporary file referenced in a line field in a utmp entry . The updated packages have been patched to ... oval:org.secpod.oval:def:600409 Paul Szabo discovered that login, the system login tool, did not correctly handle symlinks while setting up tty permissions. If a local attacker were able to gain control of the system utmp file, they could cause login to change the ownership and permissions on arbitrary files, leading to a root pri ... |