Utempter is a utility that allows terminal applications such as xterm and
screen to update utmp and wtmp without requiring root privileges.

Steve Grubb discovered a flaw in Utempter which allowed device names
containing directory traversal sequences such as ‘/../’. In combination
with an application that trusts the utmp or wtmp files, this could allow a
local attacker to overwrite privileged files using a symlink.

Users should upgrade to this new version of utempter, which fixes this
vulnerability.

OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
RedHat | any | s390 | utempter | < 0.5.5-1.3EL.0 | utempter-0.5.5-1.3EL.0.s390.rpm |
RedHat | any | s390x | utempter | < 0.5.5-1.3EL.0 | utempter-0.5.5-1.3EL.0.s390x.rpm |
RedHat | any | i386 | utempter | < 0.5.5-1.3EL.0 | utempter-0.5.5-1.3EL.0.i386.rpm |
RedHat | any | ppc | utempter | < 0.5.5-1.3EL.0 | utempter-0.5.5-1.3EL.0.ppc.rpm |
RedHat | any | x86_64 | utempter | < 0.5.5-1.3EL.0 | utempter-0.5.5-1.3EL.0.x86_64.rpm |
RedHat | any | i386 | utempter | < 0.5.5-1.2.1EL.0 | utempter-0.5.5-1.2.1EL.0.i386.rpm |
RedHat | any | ia64 | utempter | < 0.5.5-1.2.1EL.0 | utempter-0.5.5-1.2.1EL.0.ia64.rpm |
RedHat | any | ia64 | utempter | < 0.5.5-1.3EL.0 | utempter-0.5.5-1.3EL.0.ia64.rpm |
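
The class of check the flaw description calls for, as an added example in C (not utempter's own code and not the patch shipped in these packages): a device name is accepted only if it sits under /dev/ and none of its path components is empty, "." or "..". The function names and the /dev/ prefix rule are assumptions made for illustration; a prefix-only check is included for contrast.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Weak check: accepts anything that merely starts with "/dev/". */
bool device_prefix_only(const char *dev)
{
    return dev != NULL && strncmp(dev, "/dev/", 5) == 0;
}

/*
 * Stricter check (hypothetical helper): the name must start with "/dev/",
 * and every following path component must be non-empty and must not be
 * "." or "..", so the path cannot climb out of /dev.
 */
bool device_name_is_safe(const char *dev)
{
    if (dev == NULL || strncmp(dev, "/dev/", 5) != 0)
        return false;

    const char *p = dev + 5;
    if (*p == '\0')
        return false;                   /* "/dev/" alone names no device */

    while (*p != '\0') {
        size_t len = strcspn(p, "/");   /* length of this component */

        if (len == 0)
            return false;               /* empty component: "//" */
        if (len == 1 && p[0] == '.')
            return false;               /* "." */
        if (len == 2 && p[0] == '.' && p[1] == '.')
            return false;               /* ".." */

        p += len;
        if (*p == '/') {
            p++;
            if (*p == '\0')
                return false;           /* trailing slash */
        }
    }
    return true;
}
```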