SplitVT: Privilege escalation — GLSA 200803-05

A vulnerability in SplitVT may allow local users to gain escalated privileges.

Affected packages

app-misc/splitvt on all architectures
Affected versions < 1.6.6-r1
Unaffected versions >= 1.6.6-r1

Background

SplitVT is a program for splitting terminals into two shells.

Description

Mike Ashton reported that SplitVT does not drop group privileges before executing the xprop utility.
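One way to avoid this class of bug, as an added example (not SplitVT's code and not the patch shipped in 1.6.6-r1): a set-group-ID program gives up its group privileges in the child process before running an external helper such as xprop, and refuses to run the helper if the drop fails. The function names are hypothetical, and setresgid()/getresgid() assume Linux with glibc.

```c
#define _GNU_SOURCE            /* setresgid/getresgid: assumes Linux/glibc */
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Permanently drop set-group-ID privileges: set the real, effective and
 * saved GID to the invoking user's real GID, then verify the result.
 * Returns 0 on success, -1 on failure. (Hypothetical helper.) */
int drop_group_privileges(void)
{
    gid_t rgid = getgid();
    gid_t r, e, s;

    if (setresgid(rgid, rgid, rgid) != 0)
        return -1;
    if (getresgid(&r, &e, &s) != 0)
        return -1;
    return (r == rgid && e == rgid && s == rgid) ? 0 : -1;
}

/* Run an external helper without the program's group privileges.
 * Returns the helper's exit status, 126 if the privilege drop failed,
 * 127 if the helper could not be executed, -1 on fork/wait errors. */
int run_helper_unprivileged(char *const argv[])
{
    int status;
    pid_t pid = fork();

    if (pid < 0)
        return -1;
    if (pid == 0) {
        /* Child: drop first, and never exec while still privileged. */
        if (drop_group_privileges() != 0)
            _exit(126);
        /* PATH lookup now happens with the user's own rights only. */
        execvp(argv[0], argv);
        _exit(127);
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    char *argv[] = { "id", "-g", NULL };   /* prints the GID the helper runs with */
    return run_helper_unprivileged(argv) == 0 ? 0 : 1;
}
```

Installed set-group-ID to a test group, the helper reports the caller's own GID rather than the privileged group.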

Impact

A local attacker could exploit this vulnerability to gain the "utmp" group privileges.

Workaround

There is no known workaround at this time.

Resolution

All SplitVT users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=app-misc/splitvt-1.6.6-r1"

References

Release date
March 03, 2008

Latest revision
March 03, 2008: 01

Severity
high

Exploitable
local

Bugzilla entries