Executive Summary
Summary | |
---|---|
Title | util-linux-ng security, bug fix and enhancement update |
Information | |||
---|---|---|---|
Name | RHSA-2013:0517 | First vendor Publication | 2013-02-21 |
Vendor | RedHat | Last vendor Modification | 2013-02-21 |
Severity (Vendor) | Low | Revision | 02 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:L/Au:N/C:P/I:N/A:N) | |||
---|---|---|---|
Cvss Base Score | 2.1 | Attack Range | Local |
Cvss Impact Score | 2.9 | Attack Complexity | Low |
Cvss Exploit Score | 3.9 | Authentication | None Required |
Detail
Problem Description:

Updated util-linux-ng packages that fix one security issue, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

3. Description:

The util-linux-ng packages contain a large variety of low-level system utilities that are necessary for a Linux operating system to function.

An information disclosure flaw was found in the way the mount command reported errors. A local attacker could use this flaw to determine the existence of files and directories they do not have access to. (CVE-2013-0157)

These updated util-linux-ng packages include numerous bug fixes and enhancements. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Enterprise Linux 6.4 Technical Notes, linked to in the References, for information on the most significant of these changes.

All users of util-linux-ng are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add these enhancements.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

679833 - [RFE] tailf should support `-n 0`
783514 - Documentation for default barrier setting for EXT3 filesystems in mount manpage is wrong
790728 - blkid ignores swap UUIDs if the first byte is a zero byte
818621 - lsblk should not open device it prints info about
839281 - manpage: mount option inode_readahead for ext4 should be inode_readahead_blks
892330 - CVE-2013-0157 util-linux: mount folder existence information disclosure
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2013-0517.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-200 | Information Exposure |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:21076 | |||
Oval ID: | oval:org.mitre.oval:def:21076 | ||
Title: | RHSA-2013:0517: util-linux-ng security, bug fix and enhancement update (Low) | ||
Description: | (a) mount and (b) umount in util-linux 2.14.1, 2.17.2, and probably other versions allow local users to determine the existence of restricted directories by (1) using the --guess-fstype command-line option or (2) attempting to mount a non-existent device, which generates different error messages depending on whether the directory exists. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2013:0517-02 CESA-2013:0517 CVE-2013-0157 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 6 CentOS Linux 6 | Product(s): | util-linux-ng |
Definition Id: oval:org.mitre.oval:def:23653 | |||
Oval ID: | oval:org.mitre.oval:def:23653 | ||
Title: | ELSA-2013:0517: util-linux-ng security, bug fix and enhancement update (Low) | ||
Description: | (a) mount and (b) umount in util-linux 2.14.1, 2.17.2, and probably other versions allow local users to determine the existence of restricted directories by (1) using the --guess-fstype command-line option or (2) attempting to mount a non-existent device, which generates different error messages depending on whether the directory exists. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2013:0517-02 CVE-2013-0157 | Version: | 6 |
Platform(s): | Oracle Linux 6 | Product(s): | util-linux-ng |
Definition Id: oval:org.mitre.oval:def:27272 | |||
Oval ID: | oval:org.mitre.oval:def:27272 | ||
Title: | DEPRECATED: ELSA-2013-0517 -- util-linux-ng security, bug fix and enhancement update (low) | ||
Description: | [2.17.2-12.9] - fix #892471 - CVE-2013-0157 mount folder existence information disclosure [2.17.2-12.8] - fix #679833 - [RFE] tailf should support - fix #719927 - [RFE] add adjtimex --compare functionality to hwclock - fix #730272 - losetup does not warn if backing file is < 512 bytes - fix #730891 - document cfdisk and sfdisk incompatibility with 4096-bytes sectors - fix #736245 - lscpu segfault on non-uniform cpu configuration - fix #783514 - default barrier setting for EXT3 filesystems in mount manpage is wrong - fix #790728 - blkid ignores swap UUIDs if the first byte is a zero byte - fix #818621 - lsblk should not open device it prints info about - fix #819945 - hwclock --systz causes a system time jump - fix #820183 - mount(8) man page should include relatime in defaults definition - fix #823008 - update to the latest upstream lscpu and chcpu - fix #837935 - lscpu coredumps on a system with 158 active processors - fix #839281 - inode_readahead for ext4 should be inode_readahead_blks - fix #845477 - Duplicate SElinux mount options cause mounting from the commandline to fail - fix #845971 - while reading /etc/fstab, mount command returns a device before a directory - fix #858009 - login doesn't update /var/run/utmp properly - fix #809449 - Backport inverse tree (-s) option for lsblk and related patches - fix #809139 - lsblk option -D missing in manpage | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2013-0517 CVE-2013-0157 | Version: | 4 |
Platform(s): | Oracle Linux 6 | Product(s): | util-linux-ng |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | | 2 |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2014-11-08 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2013-0579.nasl - Type : ACT_GATHER_INFO |
2014-05-19 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201405-15.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-0517.nasl - Type : ACT_GATHER_INFO |
2013-04-30 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2013-154.nasl - Type : ACT_GATHER_INFO |
2013-03-10 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-0517.nasl - Type : ACT_GATHER_INFO |
2013-03-05 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20130221_util_linux_ng_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2013-02-21 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0517.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-02-17 11:56:52 | |
2014-01-23 00:22:08 | |
2014-01-21 21:25:05 | |
2013-02-21 09:19:02 | |