Описание
Utempter allows device names that contain .. (dot dot) directory traversal sequences, which allows local users to overwrite arbitrary files via a symlink attack on device names in combination with an application that trusts the utmp or wtmp files.
Utempter allows device names that contain .. (dot dot) directory traversal sequences, which allows local users to overwrite arbitrary files via a symlink attack on device names in combination with an application that trusts the utmp or wtmp files.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2004-0233
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15904
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10115
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A979
- http://security.gentoo.org/glsa/glsa-200405-05.xml
- http://sunsolve.sun.com/search/document.do?assetkey=1-77-1000752.1-1
- http://www.mandriva.com/security/advisories?name=MDKSA-2004:031
- http://www.redhat.com/support/errata/RHSA-2004-174.html
- http://www.redhat.com/support/errata/RHSA-2004-175.html
- http://www.securityfocus.com/bid/10178
- http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.404389
EPSS
CVE ID
Связанные уязвимости
Utempter allows device names that contain .. (dot dot) directory traversal sequences, which allows local users to overwrite arbitrary files via a symlink attack on device names in combination with an application that trusts the utmp or wtmp files.
Utempter allows device names that contain .. (dot dot) directory traversal sequences, which allows local users to overwrite arbitrary files via a symlink attack on device names in combination with an application that trusts the utmp or wtmp files.
Уязвимость операционной системы Red Hat Linux, позволяющая злоумышленнику нарушить целостность защищаемой информации
EPSS