 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.0.50308 |
| Category: | Fedora Local Security Checks |
| Title: | Fedora Core 1 FEDORA-2004-108 (utempter) |
| Summary: | NOSUMMARY |
| Description: | Description: The remote host is missing an update to utempter announced via advisory FEDORA-2004-108. Utempter is a utility which allows some non-privileged programs to have required root access without compromising system security. Utempter accomplishes this feat by acting as a buffer between root and the programs. Update Information: Topic: An updated utempter package that fixes a potential symlink vulnerability is now available. Problem Description: Utempter is a utility that allows terminal applications such as xterm and screen to update utmp and wtmp without requiring root privileges. Steve Grubb discovered a flaw in Utempter which allowed device names containing directory traversal sequences such as '/../'. In combination with an application that trusts the utmp or wtmp files, this could allow a local attacker the ability to overwrite privileged files using a symlink. Users should upgrade to this new version of utempter, which fixes this vulnerability. * Tue Apr 20 2004 Mike A. Harris - Build 0.5.5-1 version as 0.5.5-1.2.1EL.0 for RHEL 2.1 erratum - Build 0.5.5-1 version as 0.5.5-1.3EL.0 for RHEL 3 erratum - Build 0.5.5-1 version as 0.5.5-2.RHL9.0 for RHL 9 erratum - Build 0.5.5-1 version as 0.5.5-3.FC1.0 for Fedora Core 1 erratum - Build 0.5.5-1 version as 0.5.5-4 for Fedora Core 2 development head * Mon Apr 19 2004 Mike A. Harris - [SECURITY] Fix CVE-2004-0233 utempter directory traversal symlink attack issue for immediate erratum release. - Build all-arch test package 0.5.5-1 in dist-fc2-scratch * Mon Feb 23 2004 Mike A. Harris - Rewrote post install script to be a bit cleaner and rebuilt in rawhide to pick up twaugh's chown change - Added 'srpm-x' target to Makefile for package maintainer SRPM building * Mon Feb 23 2004 Tim Waugh - Use ':' instead of '.' as separator for chown. Solution: Apply the appropriate updates. http://www.fedoranews.org/updates/FEDORA-2004-108.shtml Risk factor : Medium CVSS Score: 2.1 |
| Cross-Ref: |
BugTraq ID: 10178 Common Vulnerability Exposure (CVE) ID: CVE-2004-0233 http://www.securityfocus.com/bid/10178 http://security.gentoo.org/glsa/glsa-200405-05.xml http://www.mandriva.com/security/advisories?name=MDKSA-2004:031 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10115 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A979 http://www.redhat.com/support/errata/RHSA-2004-174.html http://www.redhat.com/support/errata/RHSA-2004-175.html http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.404389 http://sunsolve.sun.com/search/document.do?assetkey=1-77-1000752.1-1 XForce ISS Database: utemper-symlink(15904) https://exchange.xforce.ibmcloud.com/vulnerabilities/15904 |
| Copyright | Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com |
| This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |