RHEL 2.1 : util-linux (RHSA-2004:056)

This script is Copyright (C) 2004-2014 Tenable Network Security, Inc.


Synopsis :

The remote Red Hat host is missing a security update.

Description :

Updated util-linux packages that fix an information leak in the login
program are now available.

The util-linux package contains a large variety of low-level system
utilities that are necessary for a Linux system to function.

In some situations, the login program could use a pointer that had
been freed and reallocated. This could cause unintentional data
leakage.

Note: Red Hat Enterprise Linux 3 is not vulnerable to this issue.

It is recommended that all users upgrade to these updated packages,
which are not vulnerable to this issue.

Red Hat would like to thank Matthew Lee of Fleming College for finding
and reporting this issue.

See also :

https://www.redhat.com/security/data/cve/CVE-2004-0080.html
http://rhn.redhat.com/errata/RHSA-2004-056.html

Solution :

Update the affected util-linux package.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)

Family: Red Hat Local Security Checks

Nessus Plugin ID: 12463 ()

Bugtraq ID:

CVE ID: CVE-2004-0080