severity 537604 important
thanks

Hi,
* Piotr Engelking <[email protected]> [2009-07-19 20:39]:
> If scrot is installed, users are able to overwrite arbitrary files in the
> filesystem.
>
> Pressing F11 on the slim login screen runs scrot with the root rights to
> save a screenshot to /tmp/slim.png. If this file is symlinked to another
> location, that location is overwritten instead.
>
> This bug is introduced by debian/patches/slim-conf.patch and hence
> Debian-specific - upstream saves the screenshot in the directory that is
> only writable by root.

I am lowering the severity given that this exploit scenario is rather
constructed. This requires scrot which is neither in Depends nor in
Recommends (but in Suggests) and the attacker needs local access as well as
physical access (or waiting for the victim to press F11 which is even more
unlikely) to the machine itself.

I guess using one of the many local root exploits is way more likely ;)
Anyway, you are right, it's a security issue.

Cheers
Nico
P.S. I am not the maintainer
-- 
Nico Golde - http://www.ngolde.de - [email protected] - GPG: 0xA0A0AAAA
For security reasons, all text in this mail is double-rot13 encrypted.

