Exploitation Summary
EIP tracks 1 public exploit for CVE-2005-0023. PoCs published by Paul Szabo.
AI-analyzed exploit summary
This exploit demonstrates a local UTMP hostname spoofing vulnerability in gnome-pty-helper by manipulating environment variables and leveraging the helper process to write arbitrary UTMP records. It requires compilation against gnome-libs-1.4.2/zvt and uses socket pairs to communicate with the SUID gnome-pty-helper binary.
Description
gnome-pty-helper in GNOME libzvt2 and libvte4 allows local users to spoof the logon hostname via a modified DISPLAY environment variable. NOTE: the severity of this issue has been disputed.