Util-linux Login Security Bypass Vulnerability
BID:24321
Info
Util-linux Login Security Bypass Vulnerability
| Bugtraq ID: | 24321 |
| Class: | Access Validation Error |
| CVE: |
CVE-2006-7108 |
| Remote: | Yes |
| Local: | No |
| Published: | Jun 05 2007 12:00AM |
| Updated: | Jul 03 2007 10:18PM |
| Credit: | Craig Lawson is credited with the discovery of this vulnerability. |
| Vulnerable: |
util-linux util-linux 2.12 a util-linux util-linux 2.12 util-linux util-linux 2.11 z util-linux util-linux 2.11 u util-linux util-linux 2.11 r util-linux util-linux 2.11 n util-linux util-linux 2.11 util-linux util-linux 2.10 util-linux util-linux 2.9 util-linux util-linux 2.8 rPath rPath Linux 1 Redhat Enterprise Linux WS 4 Redhat Enterprise Linux ES 4 Redhat Enterprise Linux AS 4 Redhat Desktop 4.0 Mandriva Linux Mandrake 2007.1 x86_64 Mandriva Linux Mandrake 2007.1 Mandriva Linux Mandrake 2007.0 x86_64 Mandriva Linux Mandrake 2007.0 MandrakeSoft Corporate Server 4.0 x86_64 MandrakeSoft Corporate Server 3.0 x86_64 MandrakeSoft Corporate Server 3.0 MandrakeSoft Corporate Server 4.0 Avaya SES 3.1.1 Avaya SES 3.0 Avaya SES 2.0 Avaya Messaging Storage Server MSS 3.0 Avaya Message Networking MN 3.1 Avaya Message Networking Avaya Communication Manager 2.0.1 Avaya Communication Manager 2.0 Avaya Communication Manager 4.0 Avaya Communication Manager 3.1 Avaya Communication Manager 3.0 Avaya CCS 3.1.1 Avaya CCS 3.0 Avaya CCS 2.0 Avaya AES 4.0 |
| Not Vulnerable: |
util-linux util-linux 2.13 -pre3 util-linux util-linux 2.13 -pre2 util-linux util-linux 2.13 -pre1 util-linux util-linux 2.12 r-pre1 util-linux util-linux 2.12 r util-linux util-linux 2.12 q util-linux util-linux 2.12 p util-linux util-linux 2.12 b |
Discussion
Util-linux Login Security Bypass Vulnerability
The 'login' utility (in 'util-linux') is prone to a security-bypass vulnerability because the utility fails to properly validate user privileges.
Exploiting this issue can allow an attacker to bypass certain security restrictions and potentially gain unauthorized access.
Versions prior to 'util-linux' 2.12 are vulnerable.
The 'login' utility (in 'util-linux') is prone to a security-bypass vulnerability because the utility fails to properly validate user privileges.
Exploiting this issue can allow an attacker to bypass certain security restrictions and potentially gain unauthorized access.
Versions prior to 'util-linux' 2.12 are vulnerable.
Exploit / POC
Util-linux Login Security Bypass Vulnerability
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
Solution / Fix
Util-linux Login Security Bypass Vulnerability
Solution:
Please see the referenced advisories for details on obtaining the appropriate updates.
Solution:
Please see the referenced advisories for details on obtaining the appropriate updates.
References
Util-linux Login Security Bypass Vulnerability
References:
References: