Detections
Analytics

RHEL 2.1 : util-linux (RHSA-2002:137)

medium Nessus Plugin ID 12311

Synopsis

The remote Red Hat host is missing a security update.

Description

The util-linux package shipped with Red Hat Linux Advanced Server contains a locally exploitable vulnerability.

The util-linux package contains a large variety of low-level system utilities that are necessary for a Linux system to function. The 'chfn' utility included in this package allows users to modify personal information stored in the system-wide password file, /etc/passwd. In order to modify this file, this application is installed setuid root.

Under certain conditions, a carefully crafted attack sequence can be performed to exploit a complex file locking and modification race present in this utility allowing changes to be made to /etc/passwd.

In order to successfully exploit the vulnerability and perform privilege escalation there is a need for a minimal administrator interaction. Additionally, the password file must be over 4 kilobytes, and the local attackers entry must not be in the last 4 kilobytes of the password file.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2002-0638 to this issue.

An interim workaround is to remove setuid flags from /usr/bin/chfn and /usr/bin/chsh. All users of Red Hat Linux should update to the errata util-linux packages which contain a patch to correct this vulnerability.

Many thanks to Michal Zalewski of Bindview for alerting us to this issue.

Solution

Update the affected util-linux package.

See Also

https://access.redhat.com/security/cve/cve-2002-0638

http://www.nessus.org/u?9606bdfd

https://access.redhat.com/errata/RHSA-2002:137

Plugin Details

Severity: Medium

ID: 12311

File Name: redhat-RHSA-2002-137.nasl

Version: 1.27

Type: local

Agent: unix

Published: 7/6/2004

Updated: 1/14/2021

Supported Sensors: Agentless Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 6.2

Vector: CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:util-linux, cpe:/o:redhat:enterprise_linux:2.1

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Patch Publication Date: 7/29/2002

Vulnerability Publication Date: 8/12/2002

Reference Information

CVE: CVE-2002-0638

CERT: 405955

RHSA: 2002:137