This script is Copyright (C) 2004-2014 Tenable Network Security, Inc.
The remote Red Hat host is missing a security update.
The util-linux package shipped with Red Hat Linux Advanced Server
contains a locally exploitable vulnerability.
The util-linux package contains a large variety of low-level system
utilities that are necessary for a Linux system to function. The
'chfn' utility included in this package allows users to modify
personal information stored in the system-wide password file,
/etc/passwd. In order to modify this file, this application is
installed setuid root.
Under certain conditions, a carefully crafted attack sequence can be
performed to exploit a complex file locking and modification race
present in this utility allowing changes to be made to /etc/passwd.
In order to successfully exploit the vulnerability and perform
privilege escalation there is a need for a minimal administrator
interaction. Additionally, the password file must be over 4 kilobytes,
and the local attackers entry must not be in the last 4 kilobytes of
the password file.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CVE-2002-0638 to this issue.
An interim workaround is to remove setuid flags from /usr/bin/chfn and
/usr/bin/chsh. All users of Red Hat Linux should update to the errata
util-linux packages which contain a patch to correct this
Many thanks to Michal Zalewski of Bindview for alerting us to this
See also :
Update the affected util-linux package.
Risk factor :
Medium / CVSS Base Score : 6.2
Family: Red Hat Local Security Checks
Nessus Plugin ID: 12311 ()
CVE ID: CVE-2002-0638
Upgrade to Nessus Professional today!
Start your free Nessus Cloud trial now!
Begin Free Trial
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.