Definition

Utempter Directory Traversal Vulnerability

oval:org.mitre.oval:def:979

Utempter allows device names that contain .. (dot dot) directory traversal sequences which allows local users to overwrite arbitrary files via a symlink attack on device names in combination with an application that trusts the utmp or wtmp files.

Family:

unix

Status:

ACCEPTED

Platform(s):

Red Hat Enterprise Linux 3

Class:

vulnerability

Reference(s):

CVE-2004-0233

Product(s):