Executive Summary
Summary | |
---|---|
Title | util-linux security and bug fix update |
Informations | |||
---|---|---|---|
Name | RHSA-2009:0981 | First vendor Publication | 2009-05-18 |
Vendor | RedHat | Last vendor Modification | 2009-05-18 |
Severity (Vendor) | Low | Revision | 01 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Problem Description: An updated util-linux package that fixes one security issue and several bugs is now available. This update has been rated as having low security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 3. Description: The util-linux package contains a collection of basic system utilities, such as fdisk and mount. A log injection attack was found in util-linux when logging log in attempts via the audit subsystem of the Linux kernel. A remote attacker could use this flaw to modify certain parts of logged events, possibly hiding their activities on a system. (CVE-2008-1926) This updated package also fixes the following bugs: * partitions created by VMware ESX™ were not included in the list of recognized file systems used by fdisk. Consequently, if VMware ESX was installed, "fdisk -l" returned "Unknown" for these partitions. With this update, information regarding the VMKcore and VMFS partitions has been added to the file systems list. On systems running VMware ESX, "fdisk -l" now lists information about these partitions as expected. (BZ#447264) * if a username was not set, the login command would fail with a Segmentation fault. With this update, login lets the audit system handle NULL usernames (it sends an AUDIT_USER_LOGIN message to the audit system in the event there is no username set). (BZ#456213) * the nfs(5) man page listed version 2 as the default. This is incorrect: unless otherwise specified, the NFS client uses NFS version 3. The man page has been corrected. (BZ#458539) * in certain situations, backgrounded NFS mounts died shortly after being backgrounded when the mount command was executed by the initlog command, which, for example, would occur when running an init script, such as running the "service netfs start" command. In these situations, running the "ps -ef" command showed backgrounded NFS mounts disappearing shortly after being backgrounded. In this updated package, backgrounded mount processes detach from the controlling terminal, which resolves this issue. (BZ#461488) * if a new partition's starting cylinder was beyond one terabyte, fdisk could not create the partition. This has been fixed. (BZ#471372) * in rare cases "mount -a" ignored fstab order and tried to re-mount file systems on mpath devices. With this update, mount honors fstab order even in the rare cases reported. (BZ#472186) * the "mount --move" command moved a file system's mount point as expected (for example, /proc/mounts showed the changed mount point as expected) but did not update /etc/mtab properly. With this update, the "mount --move" command gathers all necessary information about the old mount point, copies it to the new mount point and then deletes the old point, ensuring /etc/mtab is updated properly. (BZ#485004) Util-linux users are advised to upgrade to this updated package, which addresses this vulnerability and resolves these issues. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 443925 - CVE-2008-1926 util-linux: audit log injection via login 447264 - RHEL4: VMware fdisk partitions 456213 - RHEL4: login segfaults on EOF 456379 - RHEL4: audit log injection attack via login 458539 - man nfs : wrong information about nfs version used 461488 - Backgrounded NFS mounts dies soon after "service netfs start" command is issued 471372 - RHEL4: fdisk cannot create partition with starting beyond 1 TB 472186 - mount -a has problems with duplicate labels in a mpath setup 485004 - Move mount doesn't correctly update mtab |
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2009-0981.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:9833 | |||
Oval ID: | oval:org.mitre.oval:def:9833 | ||
Title: | Argument injection vulnerability in login (login-utils/login.c) in util-linux-ng 2.14 and earlier makes it easier for remote attackers to hide activities by modifying portions of log events, as demonstrated by appending an "addr=" statement to the login name, aka "audit log injection." | ||
Description: | Argument injection vulnerability in login (login-utils/login.c) in util-linux-ng 2.14 and earlier makes it easier for remote attackers to hide activities by modifying portions of log events, as demonstrated by appending an "addr=" statement to the login name, aka "audit log injection." | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-1926 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 5 |
OpenVAS Exploits
Date | Description |
---|---|
2009-05-20 | Name : RedHat Security Advisory RHSA-2009:0981 File : nvt/RHSA_2009_0981.nasl |
2009-04-09 | Name : Mandriva Update for util-linux-ng MDVSA-2008:114 (util-linux-ng) File : nvt/gb_mandriva_MDVSA_2008_114.nasl |
2009-02-17 | Name : Fedora Update for util-linux-ng FEDORA-2008-3419 File : nvt/gb_fedora_2008_3419_util-linux-ng_fc8.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
44656 | util-linux-ng login-utils/login.c Audit Log Injection |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-06-29 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2009-0981.nasl - Type : ACT_GATHER_INFO |
2009-05-19 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2009-0981.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing a security update. File : mandriva_MDVSA-2008-114.nasl - Type : ACT_GATHER_INFO |
2008-05-01 | Name : The remote Fedora host is missing a security update. File : fedora_2008-3419.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:52:31 |
|