Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.GENTOO_GLSA-202401-08.NASL
HistoryJan 07, 2024 - 12:00 a.m.

GLSA-202401-08 : util-linux: Multiple Vulnerabilities

2024-01-0700:00:00
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
7
util-linux
libmount
unprivileged attackers
fuse filesystems
denial of service
integer overflow
buffer overflow
privilege escalation
chfn
chsh utilities
readline support

7.7 High

AI Score

Confidence

High

JSON

The remote host is affected by the vulnerability described in GLSA-202401-08 (util-linux: Multiple Vulnerabilities)

  • A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows an unprivileged local attacker to unmount FUSE filesystems that belong to certain other users who have a UID that is a prefix of the UID of the attacker in its string form. An attacker may use this flaw to cause a denial of service to applications that use the affected filesystems. (CVE-2021-3995)

  • A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows a local user on a vulnerable system to unmount other users’ filesystems that are either world-writable themselves (like /tmp) or mounted in a world-writable directory. An attacker may use this flaw to cause a denial of service to applications that use the affected filesystems. (CVE-2021-3996)

  • An integer overflow in util-linux through 2.37.1 can potentially cause a buffer overflow if an attacker were able to use system resources in a way that leads to a large number in the /proc/sysvipc/sem file.
    NOTE: this is unexploitable in GNU C Library environments, and possibly in all realistic environments (CVE-2021-37600)

  • A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an INPUTRC environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation.
    This flaw affects util-linux versions prior to 2.37.4. (CVE-2022-0563)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
#
# (C) Tenable, Inc.
#
# @NOAGENT@
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 202401-08.
#
# The advisory text is Copyright (C) 2001-2021 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#

include('compat.inc');

if (description)
{
  script_id(187668);
  script_version("1.0");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/01/07");

  script_cve_id(
    "CVE-2021-3995",
    "CVE-2021-3996",
    "CVE-2021-37600",
    "CVE-2022-0563"
  );

  script_name(english:"GLSA-202401-08 : util-linux: Multiple Vulnerabilities");

  script_set_attribute(attribute:"synopsis", value:
"");
  script_set_attribute(attribute:"description", value:
"The remote host is affected by the vulnerability described in GLSA-202401-08 (util-linux: Multiple Vulnerabilities)

  - A logic error was found in the libmount library of util-linux in the function that allows an unprivileged
    user to unmount a FUSE filesystem. This flaw allows an unprivileged local attacker to unmount FUSE
    filesystems that belong to certain other users who have a UID that is a prefix of the UID of the attacker
    in its string form. An attacker may use this flaw to cause a denial of service to applications that use
    the affected filesystems. (CVE-2021-3995)

  - A logic error was found in the libmount library of util-linux in the function that allows an unprivileged
    user to unmount a FUSE filesystem. This flaw allows a local user on a vulnerable system to unmount other
    users' filesystems that are either world-writable themselves (like /tmp) or mounted in a world-writable
    directory. An attacker may use this flaw to cause a denial of service to applications that use the
    affected filesystems. (CVE-2021-3996)

  - An integer overflow in util-linux through 2.37.1 can potentially cause a buffer overflow if an attacker
    were able to use system resources in a way that leads to a large number in the /proc/sysvipc/sem file.
    NOTE: this is unexploitable in GNU C Library environments, and possibly in all realistic environments
    (CVE-2021-37600)

  - A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The
    Readline library uses an INPUTRC environment variable to get a path to the library config file. When the
    library cannot parse the specified file, it prints an error message containing data from the file. This
    flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation.
    This flaw affects util-linux versions prior to 2.37.4. (CVE-2022-0563)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://security.gentoo.org/glsa/202401-08");
  script_set_attribute(attribute:"see_also", value:"https://bugs.gentoo.org/show_bug.cgi?id=806070");
  script_set_attribute(attribute:"see_also", value:"https://bugs.gentoo.org/show_bug.cgi?id=831978");
  script_set_attribute(attribute:"see_also", value:"https://bugs.gentoo.org/show_bug.cgi?id=833365");
  script_set_attribute(attribute:"solution", value:
"All util-linux users should upgrade to the latest version:

          # emerge --sync
          # emerge --ask --oneshot --verbose >=sys-apps/util-linux-2.37.4");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:P/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-0563");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2021/07/30");
  script_set_attribute(attribute:"patch_publication_date", value:"2024/01/07");
  script_set_attribute(attribute:"plugin_publication_date", value:"2024/01/07");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:util-linux");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Gentoo Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");

  exit(0);
}
include('qpkg.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item('Host/Gentoo/release')) audit(AUDIT_OS_NOT, 'Gentoo');
if (!get_kb_item('Host/Gentoo/qpkg-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var flag = 0;

var packages = [
  {
    'name' : 'sys-apps/util-linux',
    'unaffected' : make_list("ge 2.37.4"),
    'vulnerable' : make_list("lt 2.37.4")
  }
];

foreach var package( packages ) {
  if (isnull(package['unaffected'])) package['unaffected'] = make_list();
  if (isnull(package['vulnerable'])) package['vulnerable'] = make_list();
  if (qpkg_check(package: package['name'] , unaffected: package['unaffected'], vulnerable: package['vulnerable'])) flag++;
}


if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_NOTE,
    extra      : qpkg_report_get()
  );
  exit(0);
}
else
{
  qpkg_tests = list_uniq(qpkg_tests);
  var tested = qpkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'util-linux');
}
VendorProductVersionCPE
gentoolinuxcpe:/o:gentoo:linux
gentoolinuxutil-linuxp-cpe:/a:gentoo:linux:util-linux

Related

openvas 46
gentoo 1
mageia 1
nessus 56
redos 1
osv 6
debian 2
ubuntu 1
suse 3
fedora 2
photon 12
cbl_mariner 5
prion 4
ubuntucve 4
cvelist 4
redhatcve 4
cnvd 2
amazon 2
cve 4
debiancve 4
alpinelinux 4
veracode 3
slackware 1
packetstorm 1
zdt 1
thn 1
qualysblog 1
mssecure 1
mmpc 1
ibm 1
avleonov 1
ics 1
openvas
openvas
Mageia: Security Advisory (MGASA-2022-0076)
2022-02-23 00:00:00
Huawei EulerOS: Security Advisory for util-linux (EulerOS-SA-2022-2041)
2022-07-14 00:00:00
Huawei EulerOS: Security Advisory for util-linux (EulerOS-SA-2022-2069)
2022-07-14 00:00:00
gentoo
gentoo
util-linux: Multiple Vulnerabilities
2024-01-07 00:00:00
mageia
mageia
Updated util-linux packages fix security vulnerability
2022-02-22 23:15:16
nessus
nessus
CentOS 9 : util-linux-2.37.4-3.el9
2024-02-29 00:00:00
Amazon Linux 2022 : (ALAS2022-2022-099)
2022-09-06 00:00:00
EulerOS Virtualization 2.10.0 : util-linux (EulerOS-SA-2022-2041)
2022-07-15 00:00:00
redos
redos
ROS-20220128-03
2022-01-28 00:00:00
osv
osv
util-linux - security update
2022-01-24 00:00:00
util-linux vulnerabilities
2022-02-09 13:26:34
CVE-2022-0563
2022-02-21 19:15:08
debian
debian
[SECURITY] [DSA 5055-1] util-linux security update
2022-01-24 11:31:47
[SECURITY] [DLA 3782-1] util-linux security update
2024-04-07 10:41:20
ubuntu
ubuntu
util-linux vulnerabilities
2022-02-09 00:00:00
suse
suse
Security update for libeconf, shadow and util-linux (moderate)
2022-03-04 00:00:00
Security update for util-linux (moderate)
2021-10-20 00:00:00
Security update for util-linux (moderate)
2021-11-02 00:00:00
fedora
fedora
[SECURITY] Fedora 35 Update: util-linux-2.37.3-1.fc35
2022-02-05 01:22:21
[SECURITY] Fedora 35 Update: util-linux-2.37.4-1.fc35
2022-02-16 01:28:56
photon
photon
Important Photon OS Security Update - PHSA-2022-0147
2022-01-27 00:00:00
Critical Photon OS Security Update - PHSA-2021-0081
2021-08-17 00:00:00
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2021-2.0-0379
2021-08-18 00:00:00
cbl_mariner
cbl_mariner
CVE-2021-37600 affecting package util-linux 2.32.1-7
2021-08-12 21:14:36
CVE-2022-0563 affecting package util-linux for versions less than 2.37.4-1
2022-06-26 03:29:31
CVE-2022-0563 affecting package util-linux 2.32.1-6
2022-05-12 02:16:39
prion
prion
Integer overflow
2021-07-30 14:15:00
Privilege escalation
2022-02-21 19:15:00
Design/Logic Flaw
2022-08-23 20:15:00
ubuntucve
ubuntucve
CVE-2021-37600
2021-07-30 00:00:00
CVE-2022-0563
2022-02-21 00:00:00
CVE-2021-3996
2022-02-01 00:00:00
cvelist
cvelist
CVE-2021-37600
2021-07-28 00:00:00
CVE-2022-0563
2022-02-21 00:00:00
CVE-2021-3996
2022-08-23 00:00:00
redhatcve
redhatcve
CVE-2021-37600
2021-07-29 14:25:41
CVE-2022-0563
2022-02-14 19:43:17
CVE-2021-3996
2022-01-24 12:42:16
cnvd
cnvd
util-linux input validation error vulnerability
2021-08-03 00:00:00
util-linux has unspecified vulnerabilities
2022-02-16 00:00:00
amazon
amazon
Low: util-linux
2023-01-30 16:02:00
Medium: util-linux
2022-12-01 20:32:00
cve
cve
CVE-2021-37600
2021-07-30 14:15:18
CVE-2022-0563
2022-02-21 19:15:00
CVE-2021-3996
2022-08-23 20:15:00
debiancve
debiancve
CVE-2021-37600
2021-07-30 14:15:18
CVE-2022-0563
2022-02-21 19:15:00
CVE-2021-3996
2022-08-23 20:15:00
alpinelinux
alpinelinux
CVE-2021-37600
2021-07-30 14:15:18
CVE-2022-0563
2022-02-21 19:15:00
CVE-2021-3996
2022-08-23 20:15:00
veracode
veracode
Denial Of Service (DoS)
2022-02-16 23:14:47
Denial Of Service (DoS)
2022-01-26 14:30:52
Denial Of Service (DoS)
2022-01-26 14:30:50
slackware
slackware
[slackware-security] util-linux
2022-02-15 20:05:04
packetstorm
packetstorm
snap-confine must_mkdir_and_open_with_perms() Race Condition
2022-12-09 00:00:00
zdt
zdt
Ubuntu Server snap-confine must_mkdir_and_open_with_perms() Race Condition Vulnerability
2022-12-10 00:00:00
thn
thn
New Linux Privilege Escalation Flaw Uncovered in Snap Package Manager
2022-02-18 08:37:00
qualysblog
qualysblog
Oh Snap! More Lemmings: Local Privilege Escalation Vulnerability Discovered in snap-confine (CVE-2021-44731)
2022-02-17 19:15:55
mssecure
mssecure
Uncursing the ncurses: Memory corruption vulnerabilities found in library
2023-09-14 11:30:00
mmpc
mmpc
Uncursing the ncurses: Memory corruption vulnerabilities found in library
2023-09-14 11:30:00
ibm
ibm
Security Bulletin: IBM Sterling Connect:Direct for UNIX Certified Container is affected by multiple vulnerabilities in Red Hat Universal Base Image version 8.4-206.1626828523 and Binutils version 2.30-93
2022-03-14 20:12:12
avleonov
avleonov
Scanvus now supports Vulners and Vulns.io VM Linux vulnerability detection APIs
2022-12-30 18:03:13
ics
ics
Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1
2023-12-14 12:00:00

7.7 High

AI Score

Confidence

High

JSON
Related for GENTOO_GLSA-202401-08.NASL
openvas46gentoo1mageia1nessus56redos1osv6debian2ubuntu1suse3fedora2photon12cbl_mariner5prion4ubuntucve4cvelist4redhatcve4cnvd2amazon2cve4debiancve4alpinelinux4veracode3slackware1packetstorm1zdt1thn1qualysblog1mssecure1mmpc1ibm1avleonov1ics1