utempter 보안 업데이트
Web Browser 로는 FTP 접속이 불가능 합니다.
문서번호 : 1085599099
업데이트 : 2004.05.27
상세내용
Utempter is a utility which allows some non-privileged programs to
have required root access without compromising system
security. Utempter accomplishes this feat by acting as a buffer
between root and the programs.
An updated utempter package that fixes a potential symlink vulnerability is
now available.
Utempter is a utility that allows terminal applications such as xterm and
screen to update utmp and wtmp without requiring root privileges.
Steve Grubb discovered a flaw in Utempter which allowed device names
containing directory traversal sequences such as '/../'. In combination
with an application that trusts the utmp or wtmp files, this could allow a
local attacker the ability to overwrite privileged files using a symlink.
Users should upgrade to this new version of utempter, which fixes this
vulnerability.
Autoupdates 지원 : 지원
update 패키지
RPMS :
. utempter-0.5.2-7.i686.rpm
SRPMS :
. utempter-0.5.2-7.src.rpm
참고 :
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0233
|