21 matches found
EUVD-2004-0233
Malware in sbrugna...
RHSA-2004:174 Red Hat Security Advisory: utempter security update
Bulletin has no description...
UTempter 0.5.x Multiple Local Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/10178/info It has been reported that utempter is affected by multiple local vulnerabilities. The first issue is due to an input validation error that causes the application to exit improperly; facilitating symbolic link...
utempter information spoofing
User supplied data is not checked before writing to utmp...
utempter allows fake host setting
Quoting from http://bugs.debian.org/689562 Utempter does not (cannot?) verify the setting of host, so it can easily be faked. This may affect any software that depends on utmp correctness. Demo of the issue: psz@bari:$ cat silly.c #include <sys/types.h> #include <sys/stat.h> #include <fcntl.h> #include <unistd...
Utempter Fake Entry Manipulation
Quoting from http://bugs.debian.org/689562 Utempter does not (cannot?) verify the setting of host, so it can easily be faked. This may affect any software that depends on utmp correctness. Demo of the issue: psz@bari:$ cat silly.c include include include include include int main int i; i =...
Slackware Advisory SSA:2004-110-01 utempter security update
The remote host is missing an update as announced via advisory SSA:2004-110-01. OpenVAS Vulnerability Test $Id: esoftslkssa200411001.nasl 6598 2017-07-07 09:36:44Z cfischer $ Description: Auto-generated from the corresponding slackware advisory Authors: Thomas Reinke Copyright: Copyright (c) 2012...
Slackware: Security Advisory (SSA:2004-110-01)
The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
Gentoo Security Advisory GLSA 200405-05 (utempter)
The remote host is missing updates announced in advisory GLSA 200405-05. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
Gentoo Security Advisory GLSA 200405-05 (utempter)
The remote host is missing updates announced in advisory GLSA 200405-05. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
Slackware 9.1 / current : utempter security update (SSA:2004-110-01)
New utempter packages are available for Slackware 9.1 and -current to fix a security issue. Slackware 9.1 was the first version of Slackware to use the libutempter library, and earlier versions of Slackware are not affected by this issue. The utempter package provides a utility and shared library...
GLSA-200405-05 : Utempter symlink vulnerability
The remote host is affected by the vulnerability described in GLSA-200405-05 Utempter symlink vulnerability Utempter contains a vulnerability that may allow local users to overwrite arbitrary files via a symlink attack. Impact : This vulnerability may allow arbitrary files to be overwritten with...
CVE-2004-0233
Utempter allows device names that contain .. (dot dot) directory traversal sequences, which allows local users to overwrite arbitrary files via a symlink attack on device names in combination with an application that trusts the utmp or wtmp files...
Mandrake Linux Security Advisory : utempter (MDKSA-2004:031-1)
Steve Grubb discovered two potential issues in the utempter program: 1) If the path to the device contained /../ or /./ or //, the program was not exiting as it should. It would be possible to use something like /dev/../tmp/tty0, and then if /tmp/tty0 were deleted and symlinked to another importa...
Fedora Core 1 : utempter-0.5.5-3.FC1.0 (2004-108)
Topic: An updated utempter package that fixes a potential symlink vulnerability is now available. Problem Description: Utempter is a utility that allows terminal applications such as xterm and screen to update utmp and wtmp without requiring root privileges. Steve Grubb discovered a flaw in...
RHEL 2.1 / 3 : utempter (RHSA-2004:174)
An updated utempter package that fixes a potential symlink vulnerability is now available. Utempter is a utility that allows terminal applications such as xterm and screen to update utmp and wtmp without requiring root privileges. Steve Grubb discovered a flaw in Utempter which allowed device nam...
Moderate: Red Hat Security Advisory: utempter security update
An updated utempter package that fixes a potential symlink vulnerability is now available. Utempter is a utility that allows terminal applications such as xterm and screen to update utmp and wtmp without requiring root privileges. Steve Grubb discovered a flaw in Utempter which allowed device nam...
Utempter symlink vulnerability
Background Utempter is an application that allows non-privileged apps to write utmp login info, which otherwise needs root access. Description Utempter contains a vulnerability that may allow local users to overwrite arbitrary files via a symlink attack. Impact This vulnerability may allow...
CVE-2004-0233
CVE-2004-0233 describes a symlink vulnerability in the utempter library, where device names containing .. (dot dot) directory traversal can enable local users to overwrite arbitrary files via a symlink attack when an application trusts utmp/wtmp. Public documents from Slackware, Gentoo, Gentoo GL...
MDKSA-2004:031 - Updated utempter packages fix several vulnerabilities
Mandrakelinux Security Update Advisory Package name: utempter Advisory ID: MDKSA-2004:031 Date: April 19th, 2004 Affected versions: 10.0, 9.1, 9.2, Corporate Server 2.1, Multi Network Firewall 8.2 Problem Description: Steve Grubb discovered two...