← CVECheck
HomeVulnerabilities

CVE-2004-0233 — LOW severity vulnerability (Utempter allows device names that contain .. (dot dot) direc)

Utempter allows device names that contain .. (dot dot) directory traversal sequences, which allows local users to overwrite arbitrary files via a symlink attack on device names in combination with an application that trusts the utmp or wtmp files.

CVE IDCVE-2004-0233
SeverityLOW
CVSS score2.1
CVSS vectorAV:L/AC:L/Au:N/C:N/I:P/A:N
CWENVD-CWE-Other
StatusModified
Published2004-08-18
Last modified2026-04-16
DescriptionUtempter allows device names that contain .. (dot dot) directory traversal sequences, which allows local users to overwrite arbitrary files via a symlink attack on device names in combination with an application that trusts the utmp or wtmp files.
SourceNIST National Vulnerability Database

🔍 Search all vulnerabilities →