Slackware 9.1 / current : utempter security update (SSA:2004-110-01)

This script is Copyright (C) 2005-2016 Tenable Network Security, Inc.

Synopsis :

The remote Slackware host is missing a security update.

Description :

New utempter packages are available for Slackware 9.1 and -current to
fix a security issue. (Slackware 9.1 was the first version of
Slackware to use the libutempter library, and earlier versions of
Slackware are not affected by this issue) The utempter package
provides a utility and shared library that allows terminal
applications such as xterm and screen to update /var/run/utmp and
/var/log/wtmp without requiring root privileges. Steve Grubb has
identified an issue with utempter-0.5.2 where under certain
circumstances an attacker could cause it to overwrite files through a
symlink. This has been addressed by upgrading the utempter package to
use Dmitry V. Levin's new implementation of libutempter that does not
have this bug.

See also :

Solution :

Update the affected utempter package.

Risk factor :

Low / CVSS Base Score : 2.1
CVSS Temporal Score : 1.8
Public Exploit Available : false

Family: Slackware Local Security Checks

Nessus Plugin ID: 18769 ()

Bugtraq ID:

CVE ID: CVE-2004-0233

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now