CVE-2008-5394

EPSS 0.08%

shadow - privilege escalation

Published: 12/9/2008Modified: 4/28/2026

Description

/bin/login in shadow 4.0.18.1 in Debian GNU/Linux, and probably other Linux distributions, allows local users in the utmp group to overwrite arbitrary files via a symlink attack on a temporary file referenced in a line (aka ut_line) field in a utmp entry.

Affected packages (2)

Debian/shadowfrom 0, < 1:4.1.1-6
Debian/shadowfrom 0, < 1:4.0.18.1-7+etch1

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2008-5394