(RHSA-2004:174) utempter security update

2004-05-2600:00:00

access.redhat.com

0.0004 Low

EPSS

Percentile

9.7%

JSON

Utempter is a utility that allows terminal applications such as xterm and
screen to update utmp and wtmp without requiring root privileges.

Steve Grubb discovered a flaw in Utempter which allowed device names
containing directory traversal sequences such as ‘/…/’. In combination
with an application that trusts the utmp or wtmp files, this could allow a
local attacker the ability to overwrite privileged files using a symlink.

Users should upgrade to this new version of utempter, which fixes this
vulnerability.

OSVersionArchitecturePackageVersionFilename
RedHatanys390utempter< 0.5.5-1.3EL.0utempter-0.5.5-1.3EL.0.s390.rpm
RedHatanys390xutempter< 0.5.5-1.3EL.0utempter-0.5.5-1.3EL.0.s390x.rpm
RedHatanyi386utempter< 0.5.5-1.3EL.0utempter-0.5.5-1.3EL.0.i386.rpm
RedHatanyppcutempter< 0.5.5-1.3EL.0utempter-0.5.5-1.3EL.0.ppc.rpm
RedHatanyx86_64utempter< 0.5.5-1.3EL.0utempter-0.5.5-1.3EL.0.x86_64.rpm
RedHatanyi386utempter< 0.5.5-1.2.1EL.0utempter-0.5.5-1.2.1EL.0.i386.rpm
RedHatanyia64utempter< 0.5.5-1.2.1EL.0utempter-0.5.5-1.2.1EL.0.ia64.rpm
RedHatanyia64utempter< 0.5.5-1.3EL.0utempter-0.5.5-1.3EL.0.ia64.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	any	s390	utempter	< 0.5.5-1.3EL.0	utempter-0.5.5-1.3EL.0.s390.rpm
RedHat	any	s390x	utempter	< 0.5.5-1.3EL.0	utempter-0.5.5-1.3EL.0.s390x.rpm
RedHat	any	i386	utempter	< 0.5.5-1.3EL.0	utempter-0.5.5-1.3EL.0.i386.rpm
RedHat	any	ppc	utempter	< 0.5.5-1.3EL.0	utempter-0.5.5-1.3EL.0.ppc.rpm
RedHat	any	x86_64	utempter	< 0.5.5-1.3EL.0	utempter-0.5.5-1.3EL.0.x86_64.rpm
RedHat	any	i386	utempter	< 0.5.5-1.2.1EL.0	utempter-0.5.5-1.2.1EL.0.i386.rpm
RedHat	any	ia64	utempter	< 0.5.5-1.2.1EL.0	utempter-0.5.5-1.2.1EL.0.ia64.rpm
RedHat	any	ia64	utempter	< 0.5.5-1.3EL.0	utempter-0.5.5-1.3EL.0.ia64.rpm

0.0004 Low

EPSS

Percentile

9.7%

JSON

Related for RHSA-2004:174