Ubuntu Update For Shadow Vulnerability USN-695-1 Network Vulnerability

Summary

Ubuntu Update for Linux kernel vulnerabilities USN-695-1

Solution

Please Install the Updated Packages.

Insight

Paul Szabo discovered a race condition in login. While setting up tty permissions, login did not correctly handle symlinks. If a local attacker were able to gain control of the system utmp file, they could cause login to change the ownership and permissions on arbitrary files, leading to a root privilege escalation.

Affected

shadow vulnerability on Ubuntu 6.06 LTS , Ubuntu 7.10 , Ubuntu 8.04 LTS , Ubuntu 8.10

References

https://lists.ubuntu.com/archives/ubuntu-security-announce/2008-December/000809.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2008-5394
CVSS Base Score: 7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Ubuntu Update for bind9 USN-1657-1
Ubuntu Update for djvulibre USN-2056-1
Ubuntu Update for bind9 USN-1462-1
Ubuntu Update for clamav USN-2488-1
Ubuntu Update for ekiga, gnomemeeting vulnerabilities USN-426-1

Ubuntu Update for shadow vulnerability USN-695-1

Take action and discover your vulnerabilities