Utempter allows device names that contain .. (dot dot) directory traversal sequences, which allows local users to overwrite arbitrary files via a symlink attack on device names in combination with an application that trusts the utmp or wtmp files.
Max CVSS
2.1
EPSS Score
0.04%
Published
2004-08-18
Updated
2017-10-11
1 vulnerabilities found