Utempter allows device names that contain .. (dot dot) directory traversal sequences, which allows local users to overwrite arbitrary files via a symlink attack on device names in combination with an application that trusts the utmp or wtmp files.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Propack | Sgi | 2.4 (including) | 2.4 (including) |
Propack | Sgi | 3.0 (including) | 3.0 (including) |
Utempter | Utempter | 0.5.2 (including) | 0.5.2 (including) |
Utempter | Utempter | 0.5.3 (including) | 0.5.3 (including) |