Vulnerability Name:

CVE-2004-0233 (CCN-15904)

Assigned:2004-04-03
Published:2004-04-03
Updated:2017-10-11
Summary:Utempter allows device names that contain .. (dot dot) directory traversal sequences, which allows local users to overwrite arbitrary files via a symlink attack on device names in combination with an application that trusts the utmp or wtmp files.
CVSS v3 Severity:4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:2.1 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
2.6 Low (CCN CVSS v2 Vector: AV:L/AC:H/Au:N/C:N/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): High
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:File Manipulation
References:Source: MITRE
Type: CNA
CVE-2004-0233

Source: CCN
Type: RHSA-2004-174
utempter security update

Source: CCN
Type: RHSA-2004-175
Updated utempter package fixes vulnerability

Source: GENTOO
Type: UNKNOWN
GLSA-200405-05

Source: CCN
Type: Sun Alert ID: 57658
Security Vulnerabilities Involving the utempter(8) Utility

Source: SUNALERT
Type: UNKNOWN
1000752

Source: CCN
Type: CIAC Information Bulletin O-133
Red Hat utempter Package Vulnerability

Source: CCN
Type: GLSA-200405-05
Utempter symlink vulnerability

Source: CCN
Type: GLSA 200405-05
Utempter symlink vulnerability

Source: MANDRAKE
Type: UNKNOWN
MDKSA-2004:031

Source: REDHAT
Type: Patch, Vendor Advisory
RHSA-2004:174

Source: REDHAT
Type: UNKNOWN
RHSA-2004:175

Source: BID
Type: Exploit, Patch, Vendor Advisory
10178

Source: CCN
Type: BID-10178
UTempter Multiple Local Vulnerabilities

Source: SLACKWARE
Type: UNKNOWN
SSA:2004-110

Source: CCN
Type: slackware-security Mailing List, Mon, 19 Apr 2004 14:18:23 -0700 (PDT)
utempter security update (SSA:2004-110-01)

Source: XF
Type: UNKNOWN
utemper-symlink(15904)

Source: XF
Type: UNKNOWN
utemper-symlink(15904)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:10115

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:979

Vulnerable Configuration:Configuration 1:
  • cpe:/a:sgi:propack:2.4:*:*:*:*:*:*:*
  • OR cpe:/a:sgi:propack:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:utempter:utempter:0.5.2:*:*:*:*:*:*:*
  • OR cpe:/a:utempter:utempter:0.5.3:*:*:*:*:*:*:*

    • Configuration 2:
  • cpe:/o:slackware:slackware_linux:*:*:*:*:*:*:*:*
  • OR cpe:/o:slackware:slackware_linux:9.1:*:*:*:*:*:*:*

    • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:*:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
  • OR cpe:/a:mandrakesoft:mandrake_multi_network_firewall:8.2:*:*:*:*:*:*:*
  • OR cpe:/o:slackware:slackware_linux:current:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:9.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:ws:*:*:*:*:*
  • OR cpe:/o:redhat:linux:9.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:aw:*:*:*:*:*
  • OR cpe:/o:slackware:slackware_linux:9.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:9.2:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:10.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*
  • AND
  • cpe:/o:redhat:linux_advanced_workstation:2.1::itanium:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:9.1::ppc:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:9.2::amd64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:10.0::amd64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1::x86_64:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20040233
    V
    		CVE-2004-0233
    2015-11-16
    oval:org.mitre.oval:def:10115
    V
    		Utempter allows device names that contain .. (dot dot) directory traversal sequences, which allows local users to overwrite arbitrary files via a symlink attack on device names in combination with an application that trusts the utmp or wtmp files.
    2013-04-29
    oval:org.mitre.oval:def:979
    V
    		Utempter Directory Traversal Vulnerability
    2004-07-12
    oval:com.redhat.rhsa:def:20040174
    P
    		RHSA-2004:174: utempter security update (Moderate)
    2004-05-26
    BACK
    sgi propack 2.4
    sgi propack 3.0
    utempter utempter 0.5.2
    utempter utempter 0.5.3
    slackware slackware linux *
    slackware slackware linux 9.1
    gentoo linux *
    mandrakesoft mandrake multi network firewall 8.2
    slackware slackware linux current
    mandrakesoft mandrake linux corporate server 2.1
    mandrakesoft mandrake linux 9.1
    redhat enterprise linux 2.1
    redhat enterprise linux 2.1
    redhat enterprise linux 2.1
    redhat linux 9.0
    redhat enterprise linux 2.1
    slackware slackware linux 9.1
    mandrakesoft mandrake linux 9.2
    redhat enterprise linux 3
    redhat enterprise linux 3
    redhat enterprise linux 3
    mandrakesoft mandrake linux 10.0
    redhat enterprise linux 3
    redhat linux advanced workstation 2.1
    mandrakesoft mandrake linux 9.1
    mandrakesoft mandrake linux 9.2
    mandrakesoft mandrake linux 10.0
    mandrakesoft mandrake linux corporate server 2.1