835 matches found

Gentoo Linux
added 2007/10/18 12:0 a.m., 48 views

util-linux: Local privilege escalation

Background: util-linux is a suite of Linux programs including mount and umount, programs used to mount and unmount filesystems. Description: Ludwig Nussel discovered that the check_special_mountprog and check_special_umountprog functions call setuid and setgid in the wrong order and do not check the...

7.2 CVSS | 6.5 AI score | 0.00101 EPSS
Exploits: 0

Tenable Nessus
added 2007/10/17 12:0 a.m., 19 views

Mandrake Linux Security Advisory : util-linux (MDKSA-2007:198)

The mount and umount programs in util-linux called the setuid and setgid functions in the wrong order and did not check the return values, which could allow attackers to gain privileges via helper applications such as mount.nfs. Updated packages have been patched to fix this issue...

7.2 CVSS | 5.3 AI score | 0.00101 EPSS
Exploits: 0 | References: 1

Tenable Nessus
added 2007/10/16 12:0 a.m., 24 views

Fedora Core 6 : util-linux-2.13-0.49.fc6 (2007-722)

Mon Oct 8 2007 Karel Zak 2.13-0.49 - fix 320141 - CVE-2007-5191 util-linux umount doesn't drop privileges properly when calling helpers FC6 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to...

7.2 CVSS | 5.3 AI score | 0.00101 EPSS
Exploits: 0 | References: 1

Fedora
added 2007/10/15 7:59 p.m., 29 views

[SECURITY] Fedora Core 6 Update: util-linux-2.13-0.49.fc6

The util-linux package contains a large variety of low-level system utilities that are necessary for a Linux system to function. Among others, Util-linux contains the fdisk configuration tool and the login program...

7.2 CVSS | 3.9 AI score | 0.00101 EPSS
Exploits: 0

Fedora
added 2007/10/10 7:33 p.m., 28 views

[SECURITY] Fedora 7 Update: util-linux-2.13-0.54.1.fc7

The util-linux package contains a large variety of low-level system utilities that are necessary for a Linux system to function. Among others, Util-linux contains the fdisk configuration tool and the login program...

7.2 CVSS | 3.9 AI score | 0.00101 EPSS
Exploits: 0

securityvulns
added 2007/10/10 12:0 a.m., 105 views

rPSA-2007-0212-1 util-linux

rPath Security Advisory: 2007-0212-1 Published: 2007-10-08 Products: rPath Linux 1 Rating: Major Exposure Level Classification: Local Root Deterministic Privilege Escalation Updated Versions: util-linux=/conary.rpath.com@rpl:devel//1/2.12r-1.5-1 rPath Issue Tracking System:...

6.9 CVSS | 6.2 AI score | 0.00101 EPSS
Exploits: 0

CVE
added 2007/10/04 4:0 p.m., 104 views

CVE-2007-5191

The CVE-2007-5191 issue concerns util-linux: the mount and umount utilities call setuid/setgid in the wrong order and do not check return values, which could allow a local attacker to elevate privileges via helper programs (e.g., mount.nfs). Affected component: util-linux (mount/umount). Impact: ...

7.2 CVSS | 6.2 AI score | 0.00101 EPSS
Exploits: 0 | References: 34 | Affected Software: 2

Debian CVE
added 2007/10/04 4:0 p.m., 26 views

CVE-2007-5191

mount and umount in util-linux and loop-aes-utils call the setuid and setgid functions in the wrong order and do not check the return values, which might allow attackers to gain privileges via helpers such as mount.nfs...

7.2 CVSS | 5.5 AI score | 0.00101 EPSS
Exploits: 0

seebug.org
added 2007/06/10 12:0 a.m., 19 views

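Util-linux security bypass vulnerability

util-linux contains a large number of low-level system tools. util-linux does not correctly verify user permissions; remote attackers can exploit the vulnerability to bypass security restrictions and gain unauthorized access. The issue is that the login process does not require verification when handling a login; some processes that rely on their own authentication allow remote attackers to bypass access policies and gain unauthorized access. util-linux util-linux 2.12 a + MandrakeSoft Linux Mandrake 10.2 x86_64 + MandrakeSoft Linux Mandrake 10.2 x86_64 + MandrakeSoft Linux Mandrake 10.2 + MandrakeSoft Linux Mandrak...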

7 AI score
Exploits: 0

Tenable Nessus
added 2007/06/05 12:0 a.m., 14 views

Mandrake Linux Security Advisory : util-linux (MDKSA-2007:111)

login in util-linux-2.12a and later versions skips pam_acct_mgmt and chauthtok when authentication is skipped, such as when a Kerberos krlogin session has been established, which might allow users to bypass intended access policies that would be enforced by pam_acct_mgmt and chauthtok. Updated packag...

4.1 CVSS | 5.3 AI score | 0.00081 EPSS
Exploits: 0 | References: 1

Cent OS
added 2007/05/02 9:0 a.m., 51 views

util security update

CentOS Errata and Security Advisory CESA-2007:0235 An updated util-linux package that corrects a security issue and fixes several bugs is now available. This update has been rated as having low security impact by the Red Hat Security Response Team. The util-linux package contains a collection of...

4.1 CVSS | 5.8 AI score | 0.00081 EPSS
Exploits: 0 | References: 8

Tenable Nessus
added 2007/05/02 12:0 a.m., 23 views

RHEL 4 : util-linux (RHSA-2007:0235)

An updated util-linux package that corrects a security issue and fixes several bugs is now available. This update has been rated as having low security impact by the Red Hat Security Response Team. The util-linux package contains a collection of basic system utilities. A flaw was found in the way...

4.1 CVSS | 5.6 AI score | 0.00081 EPSS
Exploits: 0 | References: 3

RedHat Linux
added 2007/05/01 2:15 p.m., 30 views

Low: Red Hat Security Advisory: util-linux security and bug fix update

An updated util-linux package that corrects a security issue and fixes several bugs is now available. This update has been rated as having low security impact by the Red Hat Security Response Team. The util-linux package contains a collection of basic system utilities. A flaw was found in the way...

4.1 CVSS | 5.8 AI score | 0.00081 EPSS
Exploits: 0 | References: 6

Tenable Nessus
added 2007/03/07 12:0 a.m., 23 views

Mandrake Linux Security Advisory : util-linux (MDKSA-2007:053)

Umount allows local users to trigger a NULL dereference and application crash by invoking the program with a pathname for a USB pen drive that was mounted and then physically removed, which might allow the users to obtain sensitive information, including core file contents. Updated packages have...

1.9 CVSS | 5.3 AI score | 0.00064 EPSS
Exploits: 1 | References: 1

OSV
added 2007/03/04 10:19 p.m., 8 views

CVE-2006-7108

login in util-linux-2.12a skips pam_acct_mgmt and chauthtok when authentication is skipped, such as when a Kerberos krlogin session has been established, which might allow users to bypass intended access policies that would be enforced by pam_acct_mgmt and chauthtok...

6.5 AI score
Exploits: 0 | References: 11

NVD
added 2007/03/04 10:19 p.m., 10 views

CVE-2006-7108

login in util-linux-2.12a skips pam_acct_mgmt and chauthtok when authentication is skipped, such as when a Kerberos krlogin session has been established, which might allow users to bypass intended access policies that would be enforced by pam_acct_mgmt and chauthtok...

4.1 CVSS | 6.5 AI score | 0.00081 EPSS
Exploits: 0 | References: 11

Cvelist
added 2007/03/04 10:0 p.m., 16 views

CVE-2006-7108

login in util-linux-2.12a skips pam_acct_mgmt and chauthtok when authentication is skipped, such as when a Kerberos krlogin session has been established, which might allow users to bypass intended access policies that would be enforced by pam_acct_mgmt and chauthtok...

6.4 AI score | 0.00081 EPSS
Exploits: 0 | References: 11

Tenable Nessus
added 2006/07/03 12:0 a.m., 31 views

CentOS 3 / 4 : util-linux / mount (CESA-2005:782)

Updated util-linux and mount packages that fix two security issues are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The util-linux package contains a large variety of low-level system utilities that are necessary for a Linux...

7.2 CVSS | 5.5 AI score | 0.00079 EPSS
Exploits: 0 | References: 6

Tenable Nessus
added 2006/01/15 12:0 a.m., 29 views

Ubuntu 4.10 / 5.04 : util-linux vulnerability (USN-184-1)

David Watson discovered that 'umount -r' removed some restrictive mount options like the 'nosuid' flag. If /etc/fstab contains user-mountable removable devices which specify the 'nosuid' flag which is common practice for such devices, a local attacker could exploit this to execute arbitrary...

7.2 CVSS | 5.9 AI score | 0.00048 EPSS
Exploits: 0 | References: 1

Tenable Nessus
added 2005/10/19 12:0 a.m., 29 views

RHEL 4 : util-linux and mount (RHSA-2005:782)

The remote Redhat Enterprise Linux 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2005:782 advisory. The util-linux package contains a large variety of low-level system utilities that are necessary for a Linux system to function. The mount...

7.2 CVSS | 5.7 AI score | 0.00079 EPSS
Exploits: 0 | References: 8