Unrated severityNVD Advisory· Published Aug 18, 2004· Updated Apr 16, 2026
CVE-2004-0233
CVE-2004-0233
Description
Utempter allows device names that contain .. (dot dot) directory traversal sequences, which allows local users to overwrite arbitrary files via a symlink attack on device names in combination with an application that trusts the utmp or wtmp files.
Affected products
6cpe:2.3:o:slackware:slackware_linux:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:slackware:slackware_linux:*:*:*:*:*:*:*:*
- cpe:2.3:o:slackware:slackware_linux:9.1:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
10- www.redhat.com/support/errata/RHSA-2004-174.htmlnvdPatchVendor Advisory
- www.securityfocus.com/bid/10178nvdExploitPatchVendor Advisory
- security.gentoo.org/glsa/glsa-200405-05.xmlnvd
- sunsolve.sun.com/search/document.donvd
- www.mandriva.com/security/advisoriesnvd
- www.redhat.com/support/errata/RHSA-2004-175.htmlnvd
- www.slackware.com/security/viewer.phpnvd
- exchange.xforce.ibmcloud.com/vulnerabilities/15904nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10115nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A979nvd
News mentions
0No linked articles in our index yet.