CVSS2 base score: 6.2 (Medium)
Access Vector: LOCAL
Access Complexity: HIGH
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:L/AC:H/Au:N/C:C/I:C/A:C
EPSS score: 0.004 (Low), percentile 71.7%
The util-linux package contains a race condition that a local user can exploit to elevate privileges on the system.
util-linux is shipped with Red Hat Linux and numerous other Linux distributions. It is a collection of system utilities such as mount, mkfs, and chfn. The BindView RAZOR Team discovered that setpwnam.c, the code that chfn and chsh use to rewrite /etc/passwd, does not adequately lock the temporary file it creates while the change is being made. Because chfn and chsh are installed setuid root so that they can modify /etc/passwd, a local user who wins the race against the temporary file can use it to elevate privileges.
For further details, see the BindView advisory.
A local user may be able to elevate their privileges on the system.
Apply a patch from your vendor. As an immediate workaround (suggested by BindView), remove the setuid bit from /usr/bin/chfn and /usr/bin/chsh; this closes the race at the cost of making those commands usable only by root. To fix the source, apply the following patch to login-utils/setpwnam.c:
--- util-linux-2.11n-old/login-utils/setpwnam.c Mon Jul 31 08:50:39 2000
+++ util-linux-2.11n/login-utils/setpwnam.c Wed Jun 12 21:37:12 2002
@@ -98,7 +98,8 @@
/* sanity check */
for (x = 0; x < 3; x++) {
if (x > 0) sleep(1);
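Review bot: the hunk is truncated on this page: the header `@@ -98,7 +98,8 @@` announces one added line, but only the three unchanged context lines `/* sanity check */`, `for (x = 0; x < 3; x++) {` and `if (x > 0) sleep(1);` survive, with no `+` line, so the actual fix cannot be reviewed or applied from this copy. Take the complete patch from the vendor errata (RHSA-2002-132 for Red Hat, CSSA-2002-043.0 for Caldera) and confirm that the line it adds makes creation of the temporary file fail when the name already exists (the O_CREAT|O_EXCL behaviour the NetBSD and SuSE statements describe); the visible three-attempt loop with sleep(1) between tries is only a retry, not a lock, and does not by itself close the race.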
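As an added example, not code from util-linux, BindView or any vendor statement, the C program below contrasts the two temp-file creation patterns that decide whether this class of race is exploitable: open() with O_CREAT alone, which follows whatever a local attacker managed to plant at the temp-file name during the race window, and open() with O_CREAT|O_EXCL, the behaviour the NetBSD and SuSE statements describe. The scratch directory, the `victim` file, its passwd-style sample content and the function names are constructed for the demonstration; the program does not reproduce util-linux 2.11n's actual setpwnam.c logic.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Vulnerable pattern (illustrative; not util-linux's code): O_CREAT without
 * O_EXCL.  If anything already exists at `path`, including a symlink that a
 * local user planted there first, open() follows it and the caller ends up
 * writing to whatever the link points at. */
int open_tmp_unsafe(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Hardened pattern: O_CREAT | O_EXCL.  Creation is atomic: the call fails
 * with EEXIST if the name is already taken, and POSIX requires that failure
 * even when the name is a symlink (dangling or not), so a planted link
 * cannot redirect the write. */
int open_tmp_safe(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

/* Stage the outcome of a lost race in a scratch directory.  The attacker
 * has won the window by planting a symlink at the privileged program's
 * temp-file name, pointing at a file they want clobbered; the program then
 * "creates" its temp file.  Returns 1 if the unsafe open succeeded and
 * truncated the victim while the safe open was refused with EEXIST, 0 if
 * either observation differs, -1 if the scratch setup itself failed. */
int demo_planted_symlink(void)
{
    /* Constructed sample content standing in for a root-owned file. */
    static const char sample[] = "root:x:0:0:root:/root:/bin/sh\n";
    char dir[] = "/tmp/ptmp-demo.XXXXXX";   /* hypothetical scratch dir */
    char tmp[256], victim[256];
    struct stat st;
    int fd, unsafe_fd, safe_fd, saved_errno;
    int unsafe_won = 0, safe_refused = 0, rc = -1;

    if (mkdtemp(dir) == NULL)
        return -1;
    snprintf(tmp, sizeof tmp, "%s/ptmptmp", dir);   /* program's temp file */
    snprintf(victim, sizeof victim, "%s/victim", dir);

    fd = open(victim, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0)
        goto cleanup;
    if (write(fd, sample, sizeof sample - 1) != (ssize_t)(sizeof sample - 1)) {
        close(fd);
        goto cleanup;
    }
    close(fd);

    /* Attacker's move: occupy the temp-file name with a symlink to the victim. */
    if (symlink(victim, tmp) != 0)
        goto cleanup;

    /* Vulnerable program's move: open() follows the link and O_TRUNC empties
     * the victim, which is the write the attacker wanted. */
    unsafe_fd = open_tmp_unsafe(tmp);
    if (unsafe_fd >= 0) {
        unsafe_won = (stat(victim, &st) == 0 && st.st_size == 0);
        close(unsafe_fd);
    }

    /* Hardened program's move: the name is taken, so creation is refused. */
    safe_fd = open_tmp_safe(tmp);
    saved_errno = errno;
    if (safe_fd >= 0)
        close(safe_fd);
    else
        safe_refused = (saved_errno == EEXIST);

    rc = (unsafe_won && safe_refused) ? 1 : 0;

cleanup:
    unlink(tmp);
    unlink(victim);
    rmdir(dir);
    return rc;
}

int main(void)
{
    int r = demo_planted_symlink();
    if (r < 0) {
        perror("scratch setup failed");
        return 1;
    }
    printf("unsafe open followed the planted symlink and truncated the victim,\n"
           "while O_EXCL refused the pre-existing name: %s\n", r ? "yes" : "no");
    return r ? 0 : 1;
}
```

Compile with `cc -o ptmp-demo ptmp-demo.c` and run it as an ordinary user; it exits 0 when the unsafe open truncated the victim and the O_EXCL open was refused with EEXIST. In the real setting the program runs setuid root and the victim is a root-owned file such as /etc/passwd, which is what turns the lost race into a privilege escalation. For defence in depth, add O_NOFOLLOW to the hardened open and fstat() the returned descriptor to confirm it is a regular file with the expected owner and link count before writing through it.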
Red Hat
Notified: June 26, 2002 Updated: July 10, 2002
Affected
Red Hat distributes the util-linux package in all Red Hat Linux distributions. Updated packages containing a fix for this vulnerability will be available along with our advisory at the URL below. At the same time users of the Red Hat Network will be able to update their systems using the ‘up2date’ tool.
<http://rhn.redhat.com/errata/RHSA-2002-132.html>
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email with the subject "VU#405955 Feedback".
Sun Cobalt
Notified: June 26, 2002 Updated: July 17, 2002
Affected
This issue affects the following Sun Cobalt platforms:
Sun Cobalt RaQ
Sun Cobalt RaQ 2
Sun Cobalt RaQ 3
Sun Cobalt RaQ 4
Sun Cobalt RaQ 550
Sun Cobalt RaQ XTR
Sun Cobalt Cache RaQ series
Sun Cobalt Qube
Sun Cobalt Qube 2
Sun Cobalt Qube 3
Sun Cobalt Control Station
Sun Cobalt are generating patches for this issue presently which will be available for download from:
<http://sunsolve.sun.com/patches/cobalt>
A SunAlert will be published which details the issue and the patch information which will be available from:
Caldera
Notified: June 26, 2002 Updated: October 30, 2002
Affected
Caldera OpenLinux is vulnerable to this race condition, and we are preparing a fix.
Please also see <ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2002-043.0.txt>.
Alcatel
Notified: June 26, 2002 Updated: July 24, 2002
Not Affected
In relation to this CERT advisory on security vulnerabilities in util-linux, Alcatel has conducted an immediate assessment to determine any impact this may have on our portfolio. An initial analysis has shown that none of our products is affected when used as delivered to customers. The security of our customers’ networks is of highest priority for Alcatel. Therefore, investigations are going on and updates will be provided if necessary. Customers may contact their Alcatel support representative for more details.
Cray
Notified: June 26, 2002 Updated: July 10, 2002
Not Affected
Cray, Inc. is not vulnerable to this problem because chfn is not accessible to any users of our products.
Debian
Notified: June 26, 2002 Updated: June 27, 2002
Not Affected
Debian does not ship any of the util-linux login-utils tools; instead we use the corresponding tools from the ‘shadow’ package, which use a different locking technique.
IBM
Notified: June 26, 2002 Updated: July 17, 2002
Not Affected
IBM’s AIX operating system is not vulnerable to the above issues. While IBM does supply open source packages for AIX through the AIX Toolbox for Linux Applications, the util-linux package is not one of them.
Lotus
Notified: June 26, 2002 Updated: July 11, 2002
Not Affected
Lotus does not ship any Linux distributions.
Notified: June 26, 2002 Updated: July 12, 2002
Not Affected
This vulnerability does not affect us.
NetBSD
Notified: June 26, 2002 Updated: July 12, 2002
Not Affected
NetBSD is not affected by this issue. Password locking functions in NetBSD are provided by libutil. The lock file has been opened O_EXCL in libutil since at least May, 1996 - we did not check further back, since that covers NetBSD 1.2 and later.
Openwall GNU/*/Linux
Updated: August 15, 2002
Not Affected
Openwall GNU/*/Linux (Owl) is not vulnerable. We’re using a version of chfn(1) utility from the shadow suite (with our modifications) rather than one from util-linux. This decision was made during Owl development specifically to ensure compatible password file locking across the system as a whole. Additionally, on Owl, chfn(1) isn’t available to regular users by default, although that is a supported owl-control setting.
SuSE
Notified: June 26, 2002 Updated: July 15, 2002
Not Affected
SuSE Linux is not vulnerable to this issue, as we do not use the passwd utility from util-linux. Instead, we are using the ones from the shadow or pwdutils suite, which properly open the file with O_EXCL (in addition to using lockpwdf).
Xerox
Notified: June 26, 2002 Updated: May 30, 2003
Not Affected
A response to this vulnerability is available from our web site: <http://www.xerox.com/security>
Thirty further vendors, unnamed here, were notified June 26, 2002, with their entries last updated on dates between June 27 and July 10, 2002. All thirty carry the status Unknown: "We have not received a statement from the vendor." Together with the 13 vendors above, the note lists 43 vendors in total.
<http://www.securityfocus.com/bid/5344>
Thanks to Michal Zalewski, BindView RAZOR, for reporting this vulnerability.
This document was written by Ian A Finlay.
CVE IDs: CVE-2002-0638
Severity Metric: 10.97
Date Public: