CVE-2004-0233

Published: 18/08/2004 Updated: 11/10/2017
CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9
VMScore: 215
Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N

Vulnerability Summary

Utempter allows device names that contain .. (dot dot) directory traversal sequences, which allows local users to overwrite arbitrary files via a symlink attack on device names in combination with an application that trusts the utmp or wtmp files.

Vulnerable Product

sgi propack 2.4

sgi propack 3.0

utempter utempter 0.5.2

utempter utempter 0.5.3

slackware slackware linux

slackware slackware linux 9.1

Vendor Advisories

Synopsis: utempter security update
Type/Severity: Security Advisory: Moderate
Topic: An updated utempter package that fixes a potential symlink vulnerability is now available.
Description: Utempter is a utility that allows terminal applications such as xterm and screen to update utmp and wtmp wit ...

Exploits

source: www.securityfocus.com/bid/10178/info

It has been reported that utempter is affected by multiple local vulnerabilities. The first issue is due to an input validation error that causes the application to exit improperly; facilitating symbolic link attacks. The second issue is due to a failure of the application to properly validate bu ...