Slackware 9.1 / current : utempter security update (SSA:2004-110-01)

This script is Copyright (C) 2005-2013 Tenable Network Security, Inc.

Synopsis :

The remote Slackware host is missing a security update.

Description :

New utempter packages are available for Slackware 9.1 and -current to
fix a security issue. (Slackware 9.1 was the first version of
Slackware to use the libutempter library, and earlier versions of
Slackware are not affected by this issue) The utempter package
provides a utility and shared library that allows terminal
applications such as xterm and screen to update /var/run/utmp and
/var/log/wtmp without requiring root privileges. Steve Grubb has
identified an issue with utempter-0.5.2 where under certain
circumstances an attacker could cause it to overwrite files through a
symlink. This has been addressed by upgrading the utempter package to
use Dmitry V. Levin's new implementation of libutempter that does not
have this bug.

See also :

Solution :

Update the affected utempter package.

Risk factor :

Low / CVSS Base Score : 2.1

Family: Slackware Local Security Checks

Nessus Plugin ID: 18769 ()

Bugtraq ID:

CVE ID: CVE-2004-0233

Ready to Scan Unlimited IPs & Run Compliance Checks?

Upgrade to Nessus Professional today!

Buy Now

Combine the Power of Nessus with the Ease of Cloud

Start your free Nessus Cloud trial now!

Begin Free Trial