RHEL 2.1 / 3 : utempter (RHSA-2004:174)

This script is Copyright (C) 2004-2016 Tenable Network Security, Inc.

Synopsis :

The remote Red Hat host is missing a security update.

Description :

An updated utempter package that fixes a potential symlink
vulnerability is now available.

Utempter is a utility that allows terminal applications such as xterm
and screen to update utmp and wtmp without requiring root privileges.

Steve Grubb discovered a flaw in Utempter which allowed device names
containing directory traversal sequences such as '/../'. In
combination with an application that trusts the utmp or wtmp files,
this could allow a local attacker to overwrite privileged
files using a symlink.

Users should upgrade to this new version of utempter, which fixes this

Solution :

Update the affected utempter package.

Risk factor :

Low / CVSS Base Score : 2.1

Family: Red Hat Local Security Checks

Nessus Plugin ID: 12490

CVE ID: CVE-2004-0233
