| Definition Id: oval:org.mitre.oval:def:979 |
Version: 1
Last Modified: 2004-06-10
|
| Title: |
Utempter Directory Traversal Vulnerability |
| Description: |
Utempter allows device names that contain .. (dot dot) directory traversal sequences, which allows local users to overwrite arbitrary files via a symlink attack on device names in combination with an application that trusts the utmp or wtmp files. |
| Family: |
unix |
Class: |
vulnerability |
| Status: |
ACCEPTED |
Reference(s): |
CVE-2004-0233
|
| Platform(s): |
Red Hat Enterprise Linux 3 |
Product(s): |
|
| Definition Synopsis: |
- Software section
- AND Configuration section
- /usr/sbin/utempter is executable
|
