Slackware 9.1 / current : utempter security update (SSA:2004-110-01)

low Nessus Plugin ID 18769

Synopsis

The remote Slackware host is missing a security update.

Description

New utempter packages are available for Slackware 9.1 and -current to fix a security issue. (Slackware 9.1 was the first version of Slackware to use the libutempter library, and earlier versions of Slackware are not affected by this issue.)

The utempter package provides a utility and shared library that allow terminal applications such as xterm and screen to update /var/run/utmp and /var/log/wtmp without requiring root privileges.

Steve Grubb has identified an issue with utempter-0.5.2 where, under certain circumstances, an attacker could cause it to overwrite files through a symlink. This has been addressed by upgrading the utempter package to use Dmitry V. Levin's new implementation of libutempter, which does not have this bug.

Solution

Update the affected utempter package.

See Also

http://www.nessus.org/u?35e4089c

Plugin Details

Severity: Low

ID: 18769

File Name: Slackware_SSA_2004-110-01.nasl

Version: 1.18

Type: local

Published: 7/13/2005

Updated: 1/14/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Low

Base Score: 2.1

Temporal Score: 1.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:N

Vulnerability Information

CPE: p-cpe:/a:slackware:slackware_linux:utempter, cpe:/o:slackware:slackware_linux, cpe:/o:slackware:slackware_linux:9.1

Required KB Items: Host/local_checks_enabled, Host/Slackware/release, Host/Slackware/packages

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 4/19/2004

Vulnerability Publication Date: 4/19/2004

Reference Information

CVE: CVE-2004-0233

SSA: 2004-110-01