This script is Copyright (C) 2004-2016 Tenable Network Security, Inc.
The remote Red Hat host is missing a security update.
An updated utempter package that fixes a potential symlink
vulnerability is now available.
Utempter is a utility that allows terminal applications such as xterm
and screen to update utmp and wtmp without requiring root privileges.
Steve Grubb discovered a flaw in Utempter which allowed device names
containing directory traversal sequences such as '/../'. In
combination with an application that trusts the utmp or wtmp files,
this could allow a local attacker the ability to overwrite privileged
files using a symlink.
Users should upgrade to this new version of utempter, which fixes this
See also :
Update the affected utempter package.
Risk factor :
Low / CVSS Base Score : 2.1