utempter 보안 업데이트
Web Browser 로는 FTP 접속이 불가능 합니다.
문서번호 : 1085599099
업데이트 : 2004.05.27
Utempter is a utility which allows some non-privileged programs to
have required root access without compromising system
security. Utempter accomplishes this feat by acting as a buffer
between root and the programs.
An updated utempter package that fixes a potential symlink vulnerability is
Utempter is a utility that allows terminal applications such as xterm and
screen to update utmp and wtmp without requiring root privileges.
Steve Grubb discovered a flaw in Utempter which allowed device names
containing directory traversal sequences such as '/../'. In combination
with an application that trusts the utmp or wtmp files, this could allow a
local attacker the ability to overwrite privileged files using a symlink.
Users should upgrade to this new version of utempter, which fixes this
Autoupdates 지원 : 지원