Utempter allows device names that contain .. (dot dot) directory traversal sequences, which allows local users to overwrite arbitrary files via a symlink attack on device names in combination with an application that trusts the utmp or wtmp files.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
sgi propack 2.4 |
||
sgi propack 3.0 |
||
utempter utempter 0.5.2 |
||
utempter utempter 0.5.3 |
||
slackware slackware linux |
||
slackware slackware linux 9.1 |