TITLE:
GNOME libzvt "gnome-pty-helper" Hostname Spoofing

SECUNIA ADVISORY ID:
SA17023

VERIFY ADVISORY:
http://secunia.com/advisories/17023/

CRITICAL:
Not critical

IMPACT:
Spoofing

WHERE:
Local system

SOFTWARE:
GNOME 2.x
http://secunia.com/product/3277/

DESCRIPTION:
Paul Szabo has reported a security issue in GNOME libzvt, which can
be exploited by malicious, local users to spoof the hostname that is
recorded into "utmp".

The security issue is caused due to the lack of validation of the
"DISPLAY" environment variable in "gnome-pty-helper" before it is
recorded as the user's logon hostname into "utmp". This can
potentially be exploited by malicious users to spoof the hostname
that is recorded into "utmp".

SOLUTION:
Grant only trusted users access to affected systems.

PROVIDED AND/OR DISCOVERED BY:
Paul Szabo

ORIGINAL ADVISORY:
Debian:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=330907

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/


Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------