Slackware 9.1 / current : utempter security update (SSA:2004-110-01)

This script is Copyright (C) 2005-2013 Tenable Network Security, Inc.


Synopsis :

The remote Slackware host is missing a security update.

Description :

New utempter packages are available for Slackware 9.1 and -current to
fix a security issue. (Slackware 9.1 was the first version of
Slackware to use the libutempter library, and earlier versions of
Slackware are not affected by this issue.) The utempter package
provides a utility and shared library that allows terminal
applications such as xterm and screen to update /var/run/utmp and
/var/log/wtmp without requiring root privileges. Steve Grubb has
identified an issue with utempter-0.5.2 where under certain
circumstances an attacker could cause it to overwrite files through a
symlink. This has been addressed by upgrading the utempter package to
use Dmitry V. Levin's new implementation of libutempter that does not
have this bug.

See also :

http://www.nessus.org/u?35e4089c

Solution :

Update the affected utempter package.

Risk factor :

Low / CVSS Base Score : 2.1
(CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:N)

Family: Slackware Local Security Checks

Nessus Plugin ID: 18769

Bugtraq ID:

CVE ID: CVE-2004-0233