MidnightBSD

Advisories for utempter

CVE-2004-0233 LOW

Utempter allows device names that contain .. (dot dot) directory traversal sequences, which allows local users to overwrite arbitrary files via a symlink attack on device names in combination with an application that trusts the utmp or wtmp files.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
slackware slackware_linux *
utempter utempter 0.5.3
sgi propack 2.4
slackware slackware_linux 9.1
sgi propack 3.0
utempter utempter 0.5.2