Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-0233

Overview

Vulnerability Score 2.1 2.1
CVE Id CVE-2004-0233
Last Modified 21 Aug 2010 12:20:00
Published 18 Aug 2004 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2004-0233

Summary

Utempter allows device names that contain .. (dot dot) directory traversal sequences, which allows local users to overwrite arbitrary files via a symlink attack on device names in combination with an application that trusts the utmp or wtmp files.

Vulnerable Systems

Operating System

  • Slackware Linux

  • Slackware Linux 9.1

Application

  • Sgi Propack 2.4

  • Sgi Propack 3.0

  • Utempter 0.5.2

  • Utempter 0.5.3


References

BID - 10178

REDHAT - RHSA-2004:174

XF - utemper-symlink(15904)

SLACKWARE - SSA:2004-110

REDHAT - RHSA-2004:175

SUNALERT - 1000752

GENTOO - GLSA-200405-05

MANDRAKE - MDKSA-2004:031


Last Updated: 27 May 2016 10:38:32