Vulnerability Scanning Solutions, LLC.
Our Process
What We Scan For
Sample Report
Client List
Contact Us
What We Scan For
Family: Fedora Local Security Checks --> Category: infos

Fedora Core 2 2004-108: utempter Vulnerability Scan

Vulnerability Scan Summary
Check for the version of the utempter package

Detailed Explanation for this Vulnerability Test

The remote host is missing the patch for the advisory FEDORA-2004-108 (utempter).

Utempter is a utility which allows some non-privileged programs to
have required root access without compromising system
security. Utempter accomplishes this feat by acting as a buffer
between root and the programs.

Update Information:

An updated utempter package that fixes a potential symlink vulnerability is
now available.

Problem Description:
Utempter is a utility that allows terminal applications such as xterm and
screen to update utmp and wtmp without requiring root rights.

Steve Grubb discovered a flaw in Utempter which allowed device names
containing directory traversal sequences such as '/../'. In combination
with an application that trusts the utmp or wtmp files, this could allow a
local attacker the ability to overwrite privileged files using a symlink.

Users should upgrade to this new version of utempter, which fixes this

Solution :
Threat Level: High

Click HERE for more information and discussions on this network vulnerability scan.


P.O. Box 827051

Pembroke Pines, FL 33082-7051

Vulnerability Scanning Solutions, LLC.