Utempter allows device names that contain .. (dot dot) directory traversal sequences, which allows local users to overwrite arbitrary files via a symlink attack on device names in combination with an application that trusts the utmp or wtmp files.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| slackware | slackware_linux | * |
| utempter | utempter | 0.5.3 |
| sgi | propack | 2.4 |
| slackware | slackware_linux | 9.1 |
| sgi | propack | 3.0 |
| utempter | utempter | 0.5.2 |