Summary
Ubuntu Update for Linux kernel vulnerabilities USN-695-1
Solution
Please Install the Updated Packages.
Insight
Paul Szabo discovered a race condition in login. While setting up tty permissions, login did not correctly handle symlinks. If a local attacker were able to gain control of the system utmp file, they could cause login to change the ownership and permissions on arbitrary files, leading to a root privilege escalation.
Affected
shadow vulnerability on Ubuntu 6.06 LTS ,
Ubuntu 7.10 ,
Ubuntu 8.04 LTS ,
Ubuntu 8.10
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2008-5394 -
CVSS Base Score: 7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities