CVE-2004-0233
CVE-2004-0233
Utempter allows device names that contain .. (dot dot) directory traversal sequences, which allows local users to overwrite arbitrary files via a symlink attack on device names in combination with an application that trusts the utmp or wtmp files.
Affected products
n/a · n/apublic PoCs found — 1
exploitdbwww.exploit-db.com/exploits/24027unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://security.gentoo.org/glsa/glsa-200405-05.xmlhttps://exchange.xforce.ibmcloud.com/vulnerabilities/15904https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10115https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A979http://sunsolve.sun.com/search/document.do?assetkey=1-77-1000752.1-1http://www.mandriva.com/security/advisories?name=MDKSA-2004:031http://www.redhat.com/support/errata/RHSA-2004-174.htmlhttp://www.redhat.com/support/errata/RHSA-2004-175.htmlhttp://www.securityfocus.com/bid/10178http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.404389