RedHatRHSA-2004:174(RHSA-2004:174) utempter security update
2.1 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:L/AC:L/Au:N/C:N/I:P/A:N
0.0004 Low
EPSS
Percentile
8.1%
Utempter is a utility that allows terminal applications such as xterm and
screen to update utmp and wtmp without requiring root privileges.
Steve Grubb discovered a flaw in Utempter which allowed device names
containing directory traversal sequences such as ‘/…/’. In combination
with an application that trusts the utmp or wtmp files, this could allow a
local attacker the ability to overwrite privileged files using a symlink.
Users should upgrade to this new version of utempter, which fixes this
vulnerability.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| RedHat | any | s390 | utempter | < 0.5.5-1.3EL.0 | utempter-0.5.5-1.3EL.0.s390.rpm |
| RedHat | any | s390x | utempter | < 0.5.5-1.3EL.0 | utempter-0.5.5-1.3EL.0.s390x.rpm |
| RedHat | any | i386 | utempter | < 0.5.5-1.3EL.0 | utempter-0.5.5-1.3EL.0.i386.rpm |
| RedHat | any | ppc | utempter | < 0.5.5-1.3EL.0 | utempter-0.5.5-1.3EL.0.ppc.rpm |
| RedHat | any | x86_64 | utempter | < 0.5.5-1.3EL.0 | utempter-0.5.5-1.3EL.0.x86_64.rpm |
| RedHat | any | i386 | utempter | < 0.5.5-1.2.1EL.0 | utempter-0.5.5-1.2.1EL.0.i386.rpm |
| RedHat | any | ia64 | utempter | < 0.5.5-1.2.1EL.0 | utempter-0.5.5-1.2.1EL.0.ia64.rpm |
| RedHat | any | ia64 | utempter | < 0.5.5-1.3EL.0 | utempter-0.5.5-1.3EL.0.ia64.rpm |
Related
2.1 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:L/AC:L/Au:N/C:N/I:P/A:N
0.0004 Low
EPSS
Percentile
8.1%