There is a group-utmp-to-root privilege escalation vulnerability in
/bin/login in Debian, and I expect in all other Linux distros.
For details and exploit please see
Currently am not aware of any group utmp issues (that could be
leveraged to get root).
Paul Szabo firstname.lastname@example.org http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics University of Sydney Australia