CVE-2008-5394

Debian GNU/Linux - Local Privilege Escalation

Title source: llm

Description

/bin/login in shadow 4.0.18.1 in Debian GNU/Linux, and probably other Linux distributions, allows local users in the utmp group to overwrite arbitrary files via a symlink attack on a temporary file referenced in a line (aka ut_line) field in a utmp entry.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Paul Szabo · bashlocallinux

https://www.exploit-db.com/exploits/7313

View Code ZIP pw:eip

References (12)

[Issue Tracking] http://bugs.debian.org/332198

[Issue Tracking] http://bugs.debian.org/505071

[Issue Tracking] http://bugs.debian.org/505271

[Third Party Advisory, VDB Entry] http://osvdb.org/52200

[Vendor Advisory] http://www.mandriva.com/security/advisories?name=MDVSA-2009:062

[Vendor Advisory] http://www.ubuntu.com/usn/usn-695-1

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/47037

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/498769/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/32552

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/7313

[Third Party Advisory] http://security.gentoo.org/glsa/glsa-200903-24.xml

[Third Party Advisory] http://securityreason.com/securityalert/4695

Scores

EPSS 0.0008

EPSS Percentile 24.1%

Classification

CWE

CWE-59

Status draft

Affected Products (1)

debian/shadow

Timeline

Published Dec 09, 2008

Tracked Since Feb 18, 2026