Summary
| Detail | | | |
|---|---|---|---|
| Vendor | Linux | First view | 2008-04-24 |
| Product | Util-Linux | Last view | 2011-04-09 |
| Version | | Type | Application |
| Update | | | |
| Edition | | | |
| Language | | | |
| Software Edition | | | |
| Target Software | | | |
| Target Hardware | | | |
| Other | | | |
Related : CVE
| CVSS | Date | Alert | Description |
|---|---|---|---|
| 4.6 | 2011-04-09 | CVE-2011-1677 | mount in util-linux 2.19 and earlier does not remove the /etc/mtab~ lock file after a failed attempt to add a mount entry, which has unspecified impact and local attack vectors. |
| 3.3 | 2011-04-09 | CVE-2011-1676 | mount in util-linux 2.19 and earlier does not remove the /etc/mtab.tmp file after a failed attempt to add a mount entry, which allows local users to trigger corruption of the /etc/mtab file via multiple invocations. |
| 3.3 | 2011-04-09 | CVE-2011-1675 | mount in util-linux 2.19 and earlier attempts to append to the /etc/mtab.tmp file without first checking whether resource limits would interfere, which allows local users to trigger corruption of the /etc/mtab file via a process with a small RLIMIT_FSIZE value, a related issue to CVE-2011-1089. |
| 7.5 | 2008-04-24 | CVE-2008-1926 | Argument injection vulnerability in login (login-utils/login.c) in util-linux-ng 2.14 and earlier makes it easier for remote attackers to hide activities by modifying portions of log events, as demonstrated by appending an "addr=" statement to the login name, aka "audit log injection." |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 33% (1) | CWE-399 | Resource Management Errors |
| 33% (1) | CWE-264 | Permissions, Privileges, and Access Controls |
| 33% (1) | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
Oval Markup Language : Definitions
| OvalID | Name |
|---|---|
| oval:org.mitre.oval:def:9833 | Argument injection vulnerability in login (login-utils/login.c) in util-linux... |
| oval:org.mitre.oval:def:21413 | RHSA-2012:0307: util-linux security, bug fix, and enhancement update (Low) |
| oval:org.mitre.oval:def:23173 | ELSA-2012:0307: util-linux security, bug fix, and enhancement update (Low) |
| oval:org.mitre.oval:def:27008 | RHSA-2011:1691 -- util-linux-ng security, bug fix, and enhancement update (Low) |
| oval:org.mitre.oval:def:27886 | ELSA-2011-1691 -- util-linux-ng security, bug fix, and enhancement update (low) |
| oval:org.mitre.oval:def:27786 | DEPRECATED: ELSA-2012-0307 -- util-linux security, bug fix, and enhancement u... |
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 75268 | util-linux mount /etc/mtab~ Lock File Removal Weakness Unspecified Local Issue |
| 75267 | util-linux mount Multiple Invocation Parsing /etc/mtab.tmp Corruption Local DoS |
| 74917 | util-linux mount RLIMIT_FSIZE Value Handling mtab Corruption Local DoS |
| 44656 | util-linux-ng login-utils/login.c Audit Log Injection |
OpenVAS Exploits
| Date | Description |
|---|---|
| 2012-08-03 | Name : Mandriva Update for util-linux MDVSA-2012:083 (util-linux) File : nvt/gb_mandriva_MDVSA_2012_083.nasl |
| 2012-07-09 | Name : RedHat Update for util-linux-ng RHSA-2011:1691-03 File : nvt/gb_RHSA-2011_1691-03_util-linux-ng.nasl |
| 2012-02-21 | Name : RedHat Update for util-linux RHSA-2012:0307-03 File : nvt/gb_RHSA-2012_0307-03_util-linux.nasl |
| 2009-05-20 | Name : RedHat Security Advisory RHSA-2009:0981 File : nvt/RHSA_2009_0981.nasl |
| 2009-04-09 | Name : Mandriva Update for util-linux-ng MDVSA-2008:114 (util-linux-ng) File : nvt/gb_mandriva_MDVSA_2008_114.nasl |
| 2009-02-17 | Name : Fedora Update for util-linux-ng FEDORA-2008-3419 File : nvt/gb_fedora_2008_3419_util-linux-ng_fc8.nasl |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2014-11-17 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2012-0168.nasl - Type: ACT_GATHER_INFO |
| 2014-05-19 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201405-15.nasl - Type: ACT_GATHER_INFO |
| 2013-07-12 | Name: The remote Oracle Linux host is missing a security update. File: oraclelinux_ELSA-2012-0307.nasl - Type: ACT_GATHER_INFO |
| 2013-06-29 | Name: The remote CentOS host is missing a security update. File: centos_RHSA-2009-0981.nasl - Type: ACT_GATHER_INFO |
| 2012-08-01 | Name: The remote Scientific Linux host is missing one or more security updates. File: sl_20111206_util_linux_ng_on_SL6_x.nasl - Type: ACT_GATHER_INFO |
| 2012-08-01 | Name: The remote Scientific Linux host is missing one or more security updates. File: sl_20120221_util_linux_on_SL5_x.nasl - Type: ACT_GATHER_INFO |
| 2012-05-30 | Name: The remote Mandriva Linux host is missing one or more security updates. File: mandriva_MDVSA-2012-083.nasl - Type: ACT_GATHER_INFO |
| 2012-02-21 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2012-0307.nasl - Type: ACT_GATHER_INFO |
| 2011-12-06 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2011-1691.nasl - Type: ACT_GATHER_INFO |
| 2009-05-19 | Name: The remote Red Hat host is missing a security update. File: redhat-RHSA-2009-0981.nasl - Type: ACT_GATHER_INFO |
| 2009-04-23 | Name: The remote Mandriva Linux host is missing a security update. File: mandriva_MDVSA-2008-114.nasl - Type: ACT_GATHER_INFO |
| 2008-05-01 | Name: The remote Fedora host is missing a security update. File: fedora_2008-3419.nasl - Type: ACT_GATHER_INFO |











