Red Hat Errata System 5.3 2008-01-23T07:18:03 Red Hat Enterprise Linux 3 Utempter is a utility that allows terminal applications such as xterm and screen to update utmp and wtmp without requiring root privileges. Steve Grubb discovered a flaw in Utempter which allowed device names containing directory traversal sequences such as '/../'. In combination with an application that trusts the utmp or wtmp files, this could allow a local attacker the ability to overwrite privileged files using a symlink. Users should upgrade to this new version of utempter, which fixes this vulnerability. Moderate Copyright 2004 Red Hat, Inc. CVE-2004-0233 cpe://redhat:enterprise_linux:3