Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2004-0233

Utempter allows device names that contain .. (dot dot) directory traversal sequences, which allows local users to overwrite arbitrary files via a symlink attack on device names in combination with an application that trusts the utmp or wtmp files.

Related bugs and status

CVE-2004-0233 (Candidate) is related to these bugs:

Bug #589103: [MIR] libutempter

Summary				In	Importance	Status
	589103	[MIR] libutempter		libutempter (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

REDHAT: RHSA-2004:174
REDHAT: RHSA-2004:175
GENTOO: GLSA-200405-05
BID: 10178
MANDRAKE: MDKSA-2004:031
SUNALERT: 1000752
SLACKWARE: SSA:2004-110
XF: utemper-symlink(15904)
OVAL: oval:org.mitre.oval:de...
OVAL: oval:org.mitre.oval:de...