Util-Linux Login Program Information Leakage Vulnerability
BID:9558
Info
Util-Linux Login Program Information Leakage Vulnerability
| Bugtraq ID: | 9558 |
| Class: | Design Error |
| CVE: |
CVE-2004-0080 |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 03 2004 12:00AM |
| Updated: | Jul 12 2009 02:06AM |
| Credit: | Discovery credited to Matthew Lee. |
| Vulnerable: |
SGI ProPack 2.4 SGI ProPack 2.3 SCO OpenLinux Workstation 3.1.1 SCO OpenLinux Server 3.1.1 Redhat Linux 7.2 i386 Redhat Enterprise Linux WS 2.1 IA64 Redhat Enterprise Linux WS 2.1 Redhat Enterprise Linux ES 2.1 IA64 Redhat Enterprise Linux ES 2.1 Redhat Enterprise Linux AS 2.1 IA64 Redhat Enterprise Linux AS 2.1 Netwosix Netwosix Linux 1.1 Netwosix Netwosix Linux 1.0 |
| Not Vulnerable: | |
Discussion
Util-Linux Login Program Information Leakage Vulnerability
A problem has been identified in the handling of information by the login component of the util-linux package. Because of this, an attacker may be able to gain access to sensitive information.
A problem has been identified in the handling of information by the login component of the util-linux package. Because of this, an attacker may be able to gain access to sensitive information.
Exploit / POC
Util-Linux Login Program Information Leakage Vulnerability
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution / Fix
Util-Linux Login Program Information Leakage Vulnerability
Solution:
Netwosix has released an advisory (NLSA-#2004-0010) to address this issue in Netwosix version 1.0 and 1.1. Please see the referenced advisory for more information. Fix is available below.
SGI has released an advisory 20040202-01-U to address this and other issues in SGI ProPack 2.4. Please see the referenced advisory for more information. Fixes are available below.
Red Hat has made fixes for this issue available. See referenced advisory RHSA-2004:056-05 for additional details.
SGI has released an advisory 20040201-01-U with a patch to address this and other issues. Please see the referenced advisory for more information.
Fedora Legacy Update Advisory FLSA:1256 has been released to address this issue in Red Hat Linux.
SCO OpenLinux advisory CSSA-2004-016.0 and fixes have been released dealing with this issue.
Gentoo Linux has released GLSA 200404-06 advisory as well as fix information dealing with this issue. It has been recommended that the following action be taken to upgrade the vulnerable application:
All util-linux users should upgrade to version 2.12 or later:
# emerge sync
# emerge -pv ">=sys-apps/util-linux-2.12"
# emerge ">=sys-apps/util-linux-2.12"
Please see the referenced Gentoo advisory for more information.
Silicon Graphics has released advisory 20040406-01-U for Service Pack 2.4 dealing with this issue as well as others. Please see the referenced advisory for more information and details on obtaining fixes.
Netwosix Netwosix Linux 1.0
Netwosix Netwosix Linux 1.1
SGI ProPack 2.3
SGI ProPack 2.4
SCO OpenLinux Workstation 3.1.1
SCO OpenLinux Server 3.1.1
Solution:
Netwosix has released an advisory (NLSA-#2004-0010) to address this issue in Netwosix version 1.0 and 1.1. Please see the referenced advisory for more information. Fix is available below.
SGI has released an advisory 20040202-01-U to address this and other issues in SGI ProPack 2.4. Please see the referenced advisory for more information. Fixes are available below.
Red Hat has made fixes for this issue available. See referenced advisory RHSA-2004:056-05 for additional details.
SGI has released an advisory 20040201-01-U with a patch to address this and other issues. Please see the referenced advisory for more information.
Fedora Legacy Update Advisory FLSA:1256 has been released to address this issue in Red Hat Linux.
SCO OpenLinux advisory CSSA-2004-016.0 and fixes have been released dealing with this issue.
Gentoo Linux has released GLSA 200404-06 advisory as well as fix information dealing with this issue. It has been recommended that the following action be taken to upgrade the vulnerable application:
All util-linux users should upgrade to version 2.12 or later:
# emerge sync
# emerge -pv ">=sys-apps/util-linux-2.12"
# emerge ">=sys-apps/util-linux-2.12"
Please see the referenced Gentoo advisory for more information.
Silicon Graphics has released advisory 20040406-01-U for Service Pack 2.4 dealing with this issue as well as others. Please see the referenced advisory for more information and details on obtaining fixes.
Netwosix Netwosix Linux 1.0
-
Netwosix nepote
http://download.netwosix.org/0010/nepote
Netwosix Netwosix Linux 1.1
-
Netwosix nepote
http://download.netwosix.org/0010/nepote
SGI ProPack 2.3
-
SGI patch10050.tar.gz
ftp://patches.sgi.com/support/free/security/patches/ProPack/2.3/patch1 0050.tar.gz
SGI ProPack 2.4
-
SGI patch10044.tar.gz
ftp://patches.sgi.com/support/free/security/patches/ProPack/2.4/patch1 0044.tar.gz
SCO OpenLinux Workstation 3.1.1
-
SCO util-linux-2.12-1.i386.rpm
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2004-01 6.0/RPMS/util-linux-2.12-1.i386.rpm
SCO OpenLinux Server 3.1.1
-
SCO util-linux-2.12-1.i386.rpm
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2004-016.0/R PMS/util-linux-2.12-1.i386.rpm
References
Util-Linux Login Program Information Leakage Vulnerability
References:
References: