RHEL 2.1 / 3 : utempter (RHSA-2004:174)

This script is Copyright (C) 2004-2014 Tenable Network Security, Inc.


Synopsis :

The remote Red Hat host is missing a security update.

Description :

An updated utempter package that fixes a potential symlink
vulnerability is now available.

Utempter is a utility that allows terminal applications such as xterm
and screen to update utmp and wtmp without requiring root privileges.

Steve Grubb discovered a flaw in Utempter: it accepted device names
containing directory traversal sequences such as '/../', so the
terminal name it recorded could resolve to a path outside /dev. In
combination with an application that trusts the utmp or wtmp files,
this could allow a local attacker to overwrite privileged files via a
symlink.
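The following is an added illustration of the flaw described above and of the kind of input check that closes it; it is example code written for this page, not utempter's own source or the vendor's patch. The naive path construction models a consumer that trusts the ut_line field of a utmp record, and the validation routine rejects any device name whose components are not plain names under /dev, then confirms the result is a character device. All sample inputs are constructed; the field width (32) is the Linux UT_LINESIZE.

```c
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>

/* UT_LINESIZE on Linux: the fixed width of the ut_line field in struct utmp. */
#define UT_LINE_MAX 32

/* Static scratch buffer for naive_tty_path(); illustration only. */
static char g_path[256];

/* Constructed example of what a trusting consumer of utmp might do:
 * glue "/dev/" onto ut_line and use the result as a file path. With
 * ut_line = "../tmp/evil" the kernel resolves "/dev/../tmp/evil" to
 * /tmp/evil, so a symlink placed there redirects the privileged write. */
static const char *naive_tty_path(const char *ut_line)
{
    snprintf(g_path, sizeof g_path, "/dev/%s", ut_line);
    return g_path;
}

/* Illustrative hardening check (assumption: not utempter's own code).
 * Accepts "/dev/<rel>" or "<rel>" where every '/'-separated component
 * of <rel> is a plain name: never "", "." or "..". Returns 1 or 0. */
static int valid_device_name(const char *name)
{
    const char *rel;
    const char *comp;

    if (name == NULL || name[0] == '\0')
        return 0;

    rel = name;
    if (name[0] == '/') {               /* absolute form must live under /dev/ */
        if (strncmp(name, "/dev/", 5) != 0)
            return 0;
        rel = name + 5;
    }
    if (rel[0] == '\0' || strlen(rel) >= UT_LINE_MAX)
        return 0;

    for (comp = rel; ; ) {
        const char *slash = strchr(comp, '/');
        size_t len = slash ? (size_t)(slash - comp) : strlen(comp);

        if (len == 0)                                        /* "//" or trailing '/' */
            return 0;
        if (len == 1 && comp[0] == '.')                      /* "."  */
            return 0;
        if (len == 2 && comp[0] == '.' && comp[1] == '.')    /* ".." */
            return 0;
        if (slash == NULL)
            break;
        comp = slash + 1;
    }
    return 1;
}

/* Second line of defence: after the lexical check, confirm that
 * /dev/<rel> really is a character device (a terminal), so even a
 * well-formed name cannot point the caller at a regular file. */
static int device_is_char_dev(const char *name)
{
    char path[256];
    struct stat st;
    const char *rel;

    if (!valid_device_name(name))
        return 0;
    rel = (strncmp(name, "/dev/", 5) == 0) ? name + 5 : name;
    snprintf(path, sizeof path, "/dev/%s", rel);
    if (stat(path, &st) != 0)
        return 0;
    return S_ISCHR(st.st_mode) ? 1 : 0;
}

int main(void)
{
    /* Constructed sample inputs, including the traversal case from the advisory. */
    const char *samples[] = {
        "pts/3", "/dev/tty1", "null", "../tmp/evil",
        "pts/../../tmp/evil", "/tmp/x", "pts//3", "",
    };
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-20s naive=%-22s valid=%d chardev=%d\n",
               samples[i], naive_tty_path(samples[i]),
               valid_device_name(samples[i]), device_is_char_dev(samples[i]));
    return 0;
}
```

The lexical check alone is what the advisory's fix amounts to; the stat() step is added as belt-and-braces so that a name which passes the string check but names a regular file (or nothing at all) is still refused before any privileged operation uses it.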

Users should upgrade to this new version of utempter, which fixes this
vulnerability.

See also :

https://www.redhat.com/security/data/cve/CVE-2004-0233.html
http://rhn.redhat.com/errata/RHSA-2004-174.html

Solution :

Update the affected utempter package.

Risk factor :

Low / CVSS Base Score : 2.1
(CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:N)

Family: Red Hat Local Security Checks

Nessus Plugin ID: 12490

Bugtraq ID:

CVE ID: CVE-2004-0233