Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com
☎ 03 60 47 09 81 - info@securiteinfo.com
/bin/login in shadow 4.0.18.1 in Debian GNU/Linux, and probably other Linux distributions, allows local users in the utmp group to overwrite arbitrary files via a symlink attack on a temporary file referenced in a line (aka ut_line) field in a utmp entry.
- http://bugs.debian.org/505071
- http://bugs.debian.org/505271
- http://securityreason.com/securityalert/4695
- https://www.exploit-db.com/exploits/7313
No PoCs found on GitHub currently.