Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.SL_20120221_UTIL_LINUX_ON_SL5_X.NASL
HistoryAug 01, 2012 - 12:00 a.m.

Scientific Linux Security Update : util-linux on SL5.x i386/x86_64 (20120221)

2012-08-0100:00:00
This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
11
JSON

The util-linux package contains a large variety of low-level system utilities that are necessary for a Linux system to function. Among others, util-linux contains the fdisk configuration tool and the login program.

Multiple flaws were found in the way the mount and umount commands performed mtab (mounted file systems table) file updates. A local, unprivileged user allowed to mount or unmount file systems could use these flaws to corrupt the mtab file and create a stale lock file, preventing other users from mounting and unmounting file systems.
(CVE-2011-1675, CVE-2011-1677)

This update also fixes the following bugs :

  • When the user logged into a telnet server, the login utility did not update the utmp database properly if the utility was executed from the telnetd daemon. This was due to telnetd not creating an appropriate entry in a utmp file before executing login. With this update, correct entries are created and the database is updated properly.

  • Various options were not described on the blockdev(8) manual page. With this update, the blockdev(8) manual page includes all the relevant options.

  • Prior to this update, the build process of the util-linux package failed in the po directory with the following error message: ‘@MKINSTALLDIRS@: No such file or directory’. An upstream patch has been applied to address this issue, and the util-linux package now builds successfully.

  • Previously, the ipcs(1) and ipcrm(1) manual pages mentioned an invalid option, ‘-b’. With this update, only valid options are listed on those manual pages.

  • Previously, the mount(8) manual page contained incomplete information about the ext4 and XFS file systems. With this update, the mount(8) manual page contains the missing information.

In addition, this update adds the following enhancements :

  • Previously, if DOS mode was enabled on a device, the fdisk utility could report error messages similar to the following :

Partition 1 has different physical/logical beginnings (non-Linux?):
phys=(0, 1, 1) logical=(0, 2, 7)

This update enables users to switch off DOS compatible mode (by specifying the ‘-c’ option), and such error messages are no longer displayed.

  • This update adds the ‘fsfreeze’ command which halts access to a file system on a disk.

All users of util-linux are advised to upgrade to this updated package, which contains backported patches to correct these issues and add these enhancements.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text is (C) Scientific Linux.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(61272);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");

  script_cve_id("CVE-2011-1675", "CVE-2011-1677");

  script_name(english:"Scientific Linux Security Update : util-linux on SL5.x i386/x86_64 (20120221)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Scientific Linux host is missing one or more security
updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"The util-linux package contains a large variety of low-level system
utilities that are necessary for a Linux system to function. Among
others, util-linux contains the fdisk configuration tool and the login
program.

Multiple flaws were found in the way the mount and umount commands
performed mtab (mounted file systems table) file updates. A local,
unprivileged user allowed to mount or unmount file systems could use
these flaws to corrupt the mtab file and create a stale lock file,
preventing other users from mounting and unmounting file systems.
(CVE-2011-1675, CVE-2011-1677)

This update also fixes the following bugs :

  - When the user logged into a telnet server, the login
    utility did not update the utmp database properly if the
    utility was executed from the telnetd daemon. This was
    due to telnetd not creating an appropriate entry in a
    utmp file before executing login. With this update,
    correct entries are created and the database is updated
    properly.

  - Various options were not described on the blockdev(8)
    manual page. With this update, the blockdev(8) manual
    page includes all the relevant options.

  - Prior to this update, the build process of the
    util-linux package failed in the po directory with the
    following error message: '@MKINSTALLDIRS@: No such file
    or directory'. An upstream patch has been applied to
    address this issue, and the util-linux package now
    builds successfully.

  - Previously, the ipcs(1) and ipcrm(1) manual pages
    mentioned an invalid option, '-b'. With this update,
    only valid options are listed on those manual pages.

  - Previously, the mount(8) manual page contained
    incomplete information about the ext4 and XFS file
    systems. With this update, the mount(8) manual page
    contains the missing information.

In addition, this update adds the following enhancements :

  - Previously, if DOS mode was enabled on a device, the
    fdisk utility could report error messages similar to the
    following :

Partition 1 has different physical/logical beginnings (non-Linux?):
phys=(0, 1, 1) logical=(0, 2, 7)

This update enables users to switch off DOS compatible mode (by
specifying the '-c' option), and such error messages are no longer
displayed.

  - This update adds the 'fsfreeze' command which halts
    access to a file system on a disk.

All users of util-linux are advised to upgrade to this updated
package, which contains backported patches to correct these issues and
add these enhancements."
  );
  # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1203&L=scientific-linux-errata&T=0&P=3164
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?82291f93"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected util-linux and / or util-linux-debuginfo packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:util-linux");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:util-linux-debuginfo");
  script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");

  script_set_attribute(attribute:"vuln_publication_date", value:"2011/04/10");
  script_set_attribute(attribute:"patch_publication_date", value:"2012/02/21");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/01");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Scientific Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux");
os_ver = os_ver[1];
if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 5.x", "Scientific Linux " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);


flag = 0;
if (rpm_check(release:"SL5", reference:"util-linux-2.13-0.59.el5")) flag++;
if (rpm_check(release:"SL5", reference:"util-linux-debuginfo-2.13-0.59.el5")) flag++;


if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "util-linux / util-linux-debuginfo");
}
VendorProductVersionCPE
fermilabscientific_linuxutil-linuxp-cpe:/a:fermilab:scientific_linux:util-linux
fermilabscientific_linuxutil-linux-debuginfop-cpe:/a:fermilab:scientific_linux:util-linux-debuginfo
fermilabscientific_linuxx-cpe:/o:fermilab:scientific_linux

Related

openvas 9
oraclelinux 2
redhat 3
nessus 8
gentoo 1
prion 2
cvelist 2
cve 2
ubuntucve 2
veracode 2
debiancve 2
googleprojectzero 1
ibm 2
openvas
openvas
RedHat Update for util-linux-ng RHSA-2011:1691-03
2012-07-09 00:00:00
RedHat Update for util-linux-ng RHSA-2011:1691-03
2012-07-09 00:00:00
RedHat Update for util-linux RHSA-2012:0307-03
2012-02-21 00:00:00
oraclelinux
oraclelinux
util-linux security, bug fix, and enhancement update
2012-03-01 00:00:00
util-linux-ng security, bug fix, and enhancement update
2011-12-14 00:00:00
redhat
redhat
(RHSA-2011:1691) Low: util-linux-ng security, bug fix, and enhancement update
2011-12-06 00:00:00
(RHSA-2012:0307) Low: util-linux security, bug fix, and enhancement update
2012-02-21 00:00:00
(RHSA-2012:0168) Important: rhev-hypervisor5 security and bug fix update
2012-02-21 00:00:00
nessus
nessus
RHEL 6 : util-linux-ng (RHSA-2011:1691)
2011-12-06 00:00:00
RHEL 5 : util-linux (RHSA-2012:0307)
2012-02-21 00:00:00
Oracle Linux 5 : util-linux (ELSA-2012-0307)
2013-07-12 00:00:00
gentoo
gentoo
util-linux: Multiple vulnerabilities
2014-05-18 00:00:00
prion
prion
Code injection
2011-04-10 02:55:00
Sql injection
2011-04-10 02:55:00
cvelist
cvelist
CVE-2011-1677
2011-04-10 01:29:00
CVE-2011-1675
2011-04-10 01:29:00
cve
cve
CVE-2011-1677
2011-04-10 02:55:00
CVE-2011-1675
2011-04-10 02:55:00
ubuntucve
ubuntucve
CVE-2011-1677
2011-04-10 00:00:00
CVE-2011-1675
2011-04-10 00:00:00
veracode
veracode
Privilege Escalation
2020-04-10 01:07:10
Privilege Escalation
2020-04-10 01:07:09
debiancve
debiancve
CVE-2011-1677
2011-04-10 02:55:00
CVE-2011-1675
2011-04-10 02:55:00
googleprojectzero
googleprojectzero
The poisoned NUL byte, 2014 edition
2014-08-25 00:00:00
ibm
ibm
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Operator package issues
2024-05-07 17:05:31
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Base OS issues
2024-05-07 17:07:44
JSON
Related for SL_20120221_UTIL_LINUX_ON_SL5_X.NASL
openvas9oraclelinux2redhat3nessus8gentoo1prion2cvelist2cve2ubuntucve2veracode2debiancve2googleprojectzero1ibm2