| Revision Date: | 2013-04-29 | Version: | 12 |
| Title: | Utempter allows device names that contain .. (dot dot) directory traversal sequences, which allows local users to overwrite arbitrary files via a symlink attack on device names in combination with an application that trusts the utmp or wtmp files. |
| Description: | Utempter allows device names that contain .. (dot dot) directory traversal sequences, which allows local users to overwrite arbitrary files via a symlink attack on device names in combination with an application that trusts the utmp or wtmp files. |
| Family: | unix | Class: | vulnerability |
| Status: | ACCEPTED | Reference(s): | CVE-2004-0233
|
| Platform(s): | CentOS Linux 3
Red Hat Enterprise Linux 3
| Product(s): | |
| Definition Synopsis |
| RHEL3 or CentOS3 The operating system installed on the system is Red Hat Enterprise Linux 3
OR CentOS Linux 3.x
AND utempter is earlier than 0:0.5.5-1.3EL.0
|