Multiple Vendor Linux Usermode Package Vulnerability
BID:1489
Info
Multiple Vendor Linux Usermode Package Vulnerability
| Bugtraq ID: | 1489 |
| Class: | Access Validation Error |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | Jul 18 2000 12:00AM |
| Updated: | Jul 18 2000 12:00AM |
| Credit: | This vulnerability was made public in a Linux-Mandrake Security Advisory on July 18, 2000. |
| Vulnerable: |
Redhat usermode-1.20-1.i386.rpm Redhat SysVinit-2.74-11.i386.rpm Redhat Linux 6.2 E sparc Redhat Linux 6.2 E i386 Redhat Linux 6.2 E alpha Redhat Linux 6.2 sparc Redhat Linux 6.2 i386 Redhat Linux 6.2 alpha Redhat Linux 6.1 sparc Redhat Linux 6.1 i386 Redhat Linux 6.1 alpha Redhat Linux 6.0 alpha Redhat Linux 6.0 Mandriva Linux Mandrake 9.0 Mandriva Linux Mandrake 8.2 ppc Mandriva Linux Mandrake 8.2 Mandriva Linux Mandrake 8.1 ia64 Mandriva Linux Mandrake 8.1 Mandriva Linux Mandrake 7.1 MandrakeSoft Multi Network Firewall 2.0 MandrakeSoft Corporate Server 2.1 |
| Not Vulnerable: |
SuSE Linux 7.0 SuSE Linux 6.4 SuSE Linux 6.3 SuSE Linux 6.2 SuSE Linux 6.1 SuSE Linux 6.0 SuSE Linux 5.3 SuSE Linux 5.2 SuSE Linux 5.1 SuSE Linux 5.0 SuSE Linux 4.4.1 SuSE Linux 4.4 SuSE Linux 4.3 SuSE Linux 4.2 |
Discussion
Multiple Vendor Linux Usermode Package Vulnerability
A vulnerability exists in the usermode package shipped with various Linux distributions. It has been discovered that proper authentication does not occur when a local user invokes the 'shutdown' utility to enter 'single user' mode. Once 'single user' mode has been entered, the unauthorized user will have gained root privileges.
A vulnerability exists in the usermode package shipped with various Linux distributions. It has been discovered that proper authentication does not occur when a local user invokes the 'shutdown' utility to enter 'single user' mode. Once 'single user' mode has been entered, the unauthorized user will have gained root privileges.
Exploit / POC
Multiple Vendor Linux Usermode Package Vulnerability
This issue can be exploited by calling 'shutdown now'.
This issue can be exploited by calling 'shutdown now'.
Solution / Fix
Multiple Vendor Linux Usermode Package Vulnerability
Solution:
Mandrake and Red Hat have released security advisories containing updated usermode packages which address this issue.
*** It has been discovered that Mandrake 8.1 through 9.0 are affected by this issue. Mandrake has released a security advisory (MDKSA-2003:031) which contains updated usermode packages. It should be noted that the shutdown utility has been removed.
Redhat usermode-1.20-1.i386.rpm
Redhat SysVinit-2.74-11.i386.rpm
MandrakeSoft Multi Network Firewall 2.0
MandrakeSoft Corporate Server 2.1
Redhat Linux 6.0 alpha
Redhat Linux 6.0
Redhat Linux 6.1 i386
Redhat Linux 6.1 sparc
Redhat Linux 6.1 alpha
Redhat Linux 6.2 alpha
Redhat Linux 6.2 E alpha
Redhat Linux 6.2 i386
Redhat Linux 6.2 E i386
Redhat Linux 6.2 sparc
Redhat Linux 6.2 E sparc
Mandriva Linux Mandrake 7.1
Mandriva Linux Mandrake 8.1 ia64
Mandriva Linux Mandrake 8.1
Mandriva Linux Mandrake 8.2 ppc
Mandriva Linux Mandrake 8.2
Mandriva Linux Mandrake 9.0
Solution:
Mandrake and Red Hat have released security advisories containing updated usermode packages which address this issue.
*** It has been discovered that Mandrake 8.1 through 9.0 are affected by this issue. Mandrake has released a security advisory (MDKSA-2003:031) which contains updated usermode packages. It should be noted that the shutdown utility has been removed.
Redhat usermode-1.20-1.i386.rpm
-
Red Hat Inc. 6.2 i386 usermode-1.35-1.i386.rpm
ftp://updates.redhat.com/6.2/i386/usermode-1.35-1.i386.rpm
Redhat SysVinit-2.74-11.i386.rpm
-
Red Hat Inc. 6.2 i386 SysVinit-2.78-5.i386.rpm
ftp://updates.redhat.com/6.2/i386/SysVinit-2.78-5.i386.rpm
MandrakeSoft Multi Network Firewall 2.0
-
Mandrake usermode-consoleonly-1.44-4.1mdk.i586.rpm
Multi Network Firewall 8.2
http://www.mandrakesecure.net/en/ftp.php
MandrakeSoft Corporate Server 2.1
-
Mandrake usermode-1.55-8.1mdk.i586.rpm
Corporate Server 2.1
http://www.mandrakesecure.net/en/ftp.php -
Mandrake usermode-consoleonly-1.55-8.1mdk.i586.rpm
Corporate Server 2.1
http://www.mandrakesecure.net/en/ftp.php
Redhat Linux 6.0 alpha
-
Red Hat Inc. 6.2 alpha SysVinit-2.78-5.alpha.rpm
ftp://updates.redhat.com/6.2/alpha/SysVinit-2.78-5.alpha.rpm -
Red Hat Inc. 6.2 alpha usermode-1.35-1.alpha.rpm
ftp://updates.redhat.com/6.2/sparc/usermode-1.35-1.alpha.rpm
Redhat Linux 6.0
-
Red Hat Inc. 6.2 i386 SysVinit-2.78-5.i386.rpm
ftp://updates.redhat.com/6.2/i386/SysVinit-2.78-5.i386.rpm -
Red Hat Inc. 6.2 i386 usermode-1.35-1.i386.rpm
ftp://updates.redhat.com/6.2/i386/usermode-1.35-1.i386.rpm
Redhat Linux 6.1 i386
-
Red Hat Inc. 6.2 i386 SysVinit-2.78-5.i386.rpm
ftp://updates.redhat.com/6.2/i386/SysVinit-2.78-5.i386.rpm -
Red Hat Inc. 6.2 i386 usermode-1.35-1.i386.rpm
ftp://updates.redhat.com/6.2/i386/usermode-1.35-1.i386.rpm
Redhat Linux 6.1 sparc
-
Red Hat Inc. 6.2 sparc SysVinit-2.78-5.sparc.rpm
ftp://updates.redhat.com/6.2/sparc/SysVinit-2.78-5.sparc.rpm -
Red Hat Inc. 6.2 sparc usermode-1.35-1.sparc.rpm
ftp://updates.redhat.com/6.2/sparc/usermode-1.35-1.sparc.rpm
Redhat Linux 6.1 alpha
-
Red Hat Inc. 6.2 alpha SysVinit-2.78-5.alpha.rpm
ftp://updates.redhat.com/6.2/alpha/SysVinit-2.78-5.alpha.rpm -
Red Hat Inc. 6.2 alpha usermode-1.35-1.alpha.rpm
ftp://updates.redhat.com/6.2/sparc/usermode-1.35-1.alpha.rpm
Redhat Linux 6.2 alpha
-
Red Hat Inc. 6.2 alpha usermode-1.35-1.alpha.rpm
ftp://updates.redhat.com/6.2/sparc/usermode-1.35-1.alpha.rpm
Redhat Linux 6.2 E alpha
-
Red Hat Inc. 6.2 alpha usermode-1.35-1.alpha.rpm
ftp://updates.redhat.com/6.2/sparc/usermode-1.35-1.alpha.rpm
Redhat Linux 6.2 i386
-
Red Hat Inc. 6.2 i386 usermode-1.35-1.i386.rpm
ftp://updates.redhat.com/6.2/i386/usermode-1.35-1.i386.rpm
Redhat Linux 6.2 E i386
-
Red Hat Inc. 6.2 i386 usermode-1.35-1.i386.rpm
ftp://updates.redhat.com/6.2/i386/usermode-1.35-1.i386.rpm
Redhat Linux 6.2 sparc
-
Red Hat Inc. 6.2 sparc usermode-1.35-1.sparc.rpm
ftp://updates.redhat.com/6.2/sparc/usermode-1.35-1.sparc.rpm
Redhat Linux 6.2 E sparc
-
Red Hat Inc. 6.2 sparc usermode-1.35-1.sparc.rpm
ftp://updates.redhat.com/6.2/sparc/usermode-1.35-1.sparc.rpm
Mandriva Linux Mandrake 7.1
-
MandrakeSoft 7.1 i386 usermode-1.22-2mdk.i586.rpm
http://www.linux-mandrake.com/en/ftp.php3
Mandriva Linux Mandrake 8.1 ia64
-
Mandrake usermode-1.42-8.1mdk.ia64.rpm
Mandrake 8.1 ia64
http://www.mandrakesecure.net/en/ftp.php
Mandriva Linux Mandrake 8.1
-
Mandrake usermode-1.42-8.1mdk.i586.rpm
Mandrake 8.1
http://www.mandrakesecure.net/en/ftp.php
Mandriva Linux Mandrake 8.2 ppc
-
Mandrake usermode-1.44-4.1mdk.ppc.rpm
Mandrake 8.2/PPC
http://www.mandrakesecure.net/en/ftp.php -
Mandrake usermode-consoleonly-1.44-4.1mdk.ppc.rpm
Mandrake 8.2/PPC
http://www.mandrakesecure.net/en/ftp.php
Mandriva Linux Mandrake 8.2
-
Mandrake usermode-1.44-4.1mdk.i586.rpm
Mandrake 8.2
http://www.mandrakesecure.net/en/ftp.php -
Mandrake usermode-consoleonly-1.44-4.1mdk.i586.rpm
Mandrake 8.2
http://www.mandrakesecure.net/en/ftp.php
Mandriva Linux Mandrake 9.0
-
Mandrake usermode-1.55-8.1mdk.i586.rpm
Mandrake 9.0
http://www.mandrakesecure.net/en/ftp.php -
Mandrake usermode-consoleonly-1.55-8.1mdk.i586.rpm
Mandrake 9.0
http://www.mandrakesecure.net/en/ftp.php
References
Multiple Vendor Linux Usermode Package Vulnerability
References:
References: