Paul Szabo discovered that login, the system login tool, did not correctly handle symlinks while setting up tty permissions. If a local attacker were able to gain control of the system utmp file, they could cause login to change the ownership and permissions on arbitrary files, leading to a root privilege escalation. For the stable distribution , this problem has been fixed in version 4.0.18.1-7+etch1. For the unstable distribution , this problem has been fixed in version 4.1.1-6. We recommend that you upgrade your shadow package.