Secunia Security Advisory - Paul Szabo has reported a security issue in GNOME libzvt, which can be exploited by malicious, local users to spoof the hostname that is recorded into utmp.
c07fa5beddfa36cdda92584b5052d39ab26008d53b4c2fbf800aacf91b8cce9b
TITLE:
GNOME libzvt "gnome-pty-helper" Hostname Spoofing
SECUNIA ADVISORY ID:
SA17023
VERIFY ADVISORY:
http://secunia.com/advisories/17023/
CRITICAL:
Not critical
IMPACT:
Spoofing
WHERE:
Local system
SOFTWARE:
GNOME 2.x
http://secunia.com/product/3277/
DESCRIPTION:
Paul Szabo has reported a security issue in GNOME libzvt, which can
be exploited by malicious, local users to spoof the hostname that is
recorded into "utmp".
The security issue is caused due to the lack of validation of the
"DISPLAY" environment variable in "gnome-pty-helper" before it is
recorded as the user's logon hostname into "utmp". This can
potentially be exploited by malicious users to spoof the hostname
that is recorded into "utmp".
SOLUTION:
Grant only trusted users access to affected systems.
PROVIDED AND/OR DISCOVERED BY:
Paul Szabo
ORIGINAL ADVISORY:
Debian:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=330907
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------