This script is Copyright (C) 2005-2013 Tenable Network Security, Inc.
The remote Slackware host is missing a security update.
New utempter packages are available for Slackware 9.1 and -current to
fix a security issue. (Slackware 9.1 was the first version of
Slackware to use the libutempter library, and earlier versions of
Slackware are not affected by this issue) The utempter package
provides a utility and shared library that allows terminal
applications such as xterm and screen to update /var/run/utmp and
/var/log/wtmp without requiring root privileges. Steve Grubb has
identified an issue with utempter-0.5.2 where under certain
circumstances an attacker could cause it to overwrite files through a
symlink. This has been addressed by upgrading the utempter package to
use Dmitry V. Levin's new implementation of libutempter that does not
have this bug.
See also :
Update the affected utempter package.
Risk factor :
Low / CVSS Base Score : 2.1
Family: Slackware Local Security Checks
Nessus Plugin ID: 18769 ()
CVE ID: CVE-2004-0233