Steve Grubb discovered a flaw in Utempter which allowed device names containing directory traversal sequences such as '/../'. In combination with an application that trusts the utmp or wtmp files, this could allow a local attacker the ability to overwrite privileged files using a symlink. CAN-2004-0233 Affects: 3AS 3ES 3WS CAN-2004-0233 Affects: 2.1AS 2.1AW 2.1ES 2.1WS Was made public on April 19th 2004
An errata has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2004-174.html