This script is Copyright (C) 2004-2014 Tenable Network Security, Inc.
The remote Red Hat host is missing a security update.
An updated utempter package that fixes a potential symlink
vulnerability is now available.
Utempter is a utility that allows terminal applications such as xterm
and screen to update utmp and wtmp without requiring root privileges.
Steve Grubb discovered a flaw in Utempter which allowed device names
containing directory traversal sequences such as '/../'. In
combination with an application that trusts the utmp or wtmp files,
this could allow a local attacker the ability to overwrite privileged
files using a symlink.
Users should upgrade to this new version of utempter, which fixes this
See also :
Update the affected utempter package.
Risk factor :
Low / CVSS Base Score : 2.1
Family: Red Hat Local Security Checks
Nessus Plugin ID: 12490 ()
CVE ID: CVE-2004-0233