/bin/login in shadow 4.0.18.1 in Debian GNU/Linux, and probably other Linux distributions, allows local users in the utmp group to overwrite arbitrary files via a symlink attack on a temporary file referenced in a line (aka ut_line) field in a utmp entry.
References
Configurations
History
No history.
Information
Published : 2008-12-09 00:30
Updated : 2024-02-28 11:21
NVD link : CVE-2008-5394
Mitre link : CVE-2008-5394
CVE.ORG link : CVE-2008-5394
JSON object : View
Products Affected
debian
- shadow
CWE
CWE-59
Improper Link Resolution Before File Access ('Link Following')