RHEL 2.1 : util-linux (RHSA-2002:137)

This script is Copyright (C) 2004-2014 Tenable Network Security, Inc.


Synopsis :

The remote Red Hat host is missing a security update.

Description :

The util-linux package shipped with Red Hat Linux Advanced Server
contains a locally exploitable vulnerability.

The util-linux package contains a large variety of low-level system
utilities that are necessary for a Linux system to function. The
'chfn' utility included in this package allows users to modify
personal information stored in the system-wide password file,
/etc/passwd. In order to modify this file, this application is
installed setuid root.

Under certain conditions, a carefully crafted attack sequence can
exploit a complex file locking and modification race present in this
utility, allowing changes to be made to /etc/passwd.

Successfully exploiting the vulnerability to escalate privileges
requires minimal administrator interaction. Additionally, the
password file must be over 4 kilobytes, and the local attacker's
entry must not be in the last 4 kilobytes of the password file.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CVE-2002-0638 to this issue.

An interim workaround is to remove setuid flags from /usr/bin/chfn and
/usr/bin/chsh. All users of Red Hat Linux should update to the errata
util-linux packages which contain a patch to correct this
vulnerability.
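
One way to audit and apply the interim workaround above, as an added shell example that is not part of the Red Hat advisory or the Nessus plugin. The function names and status strings are this example's own, and all paths are passed as arguments so the logic can be tried on copies first.

```shell
#!/bin/sh
# Added example: audit/apply the RHSA-2002:137 interim workaround.
# Function names and status strings are illustrative, not from the advisory.

# Print every listed file that still carries the setuid bit.
setuid_files() {
    for f in "$@"; do
        [ -f "$f" ] && [ -u "$f" ] && printf '%s\n' "$f"
    done
    return 0
}

# Succeed when the password file is over 4 kilobytes, one of the
# preconditions the advisory states. Returns 2 if the file is unreadable.
passwd_over_4k() {
    [ -r "$1" ] || return 2
    size=$(($(wc -c < "$1")))   # arithmetic expansion strips any padding
    [ "$size" -gt 4096 ]
}

# Remove setuid from each file, then verify; non-zero if any bit remains.
remove_setuid() {
    rc=0
    for f in "$@"; do
        [ -f "$f" ] || continue
        chmod u-s "$f" || rc=1
        [ -u "$f" ] && rc=1
    done
    return $rc
}

# Usage: audit PASSWD_FILE BINARY...
# A small password file can grow later, so "setuid-small-passwd" still
# calls for the workaround or the errata package.
audit() {
    passwd=$1; shift
    if [ -z "$(setuid_files "$@")" ]; then
        echo "no-setuid"
    elif passwd_over_4k "$passwd"; then
        echo "setuid-large-passwd"
    else
        echo "setuid-small-passwd"
    fi
}

# Read-only report for the paths named in the advisory.
audit /etc/passwd /usr/bin/chfn /usr/bin/chsh
```

With the setuid bit removed, unprivileged users can no longer change their own entries through chfn and chsh, so this is a stopgap until the errata package is installed.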

Many thanks to Michal Zalewski of Bindview for alerting us to this
issue.

See also :

https://www.redhat.com/security/data/cve/CVE-2002-0638.html
http://razor.bindview.com/publish/advisories/adv_chfn.html
http://rhn.redhat.com/errata/RHSA-2002-137.html

Solution :

Update the affected util-linux package.

Risk factor :

Medium / CVSS Base Score : 6.2
(CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C)

Family: Red Hat Local Security Checks

Nessus Plugin ID: 12311

Bugtraq ID:

CVE ID: CVE-2002-0638