Util-Linux Login Program Information Leakage Vulnerability

BID:9558

Info

Util-Linux Login Program Information Leakage Vulnerability

Bugtraq ID: 9558
Class: Design Error
CVE: CVE-2004-0080
Remote: Yes
Local: No
Published: Feb 03 2004 12:00AM
Updated: Jul 12 2009 02:06AM
Credit: Discovery credited to Matthew Lee.
Vulnerable: SGI ProPack 2.4
SGI ProPack 2.3
SCO OpenLinux Workstation 3.1.1
SCO OpenLinux Server 3.1.1
Redhat Linux 7.2 i386
Redhat Enterprise Linux WS 2.1 IA64
Redhat Enterprise Linux WS 2.1
Redhat Enterprise Linux ES 2.1 IA64
Redhat Enterprise Linux ES 2.1
Redhat Enterprise Linux AS 2.1 IA64
Redhat Enterprise Linux AS 2.1
Netwosix Netwosix Linux 1.1
Netwosix Netwosix Linux 1.0
Not Vulnerable:

Discussion

Util-Linux Login Program Information Leakage Vulnerability

A problem has been identified in the handling of information by the login component of the util-linux package. Because of this, an attacker may be able to gain access to sensitive information.

Exploit / POC

Util-Linux Login Program Information Leakage Vulnerability

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.

Solution / Fix

Util-Linux Login Program Information Leakage Vulnerability

Solution:
Netwosix has released an advisory (NLSA-#2004-0010) to address this issue in Netwosix version 1.0 and 1.1. Please see the referenced advisory for more information. Fix is available below.

SGI has released an advisory 20040202-01-U to address this and other issues in SGI ProPack 2.4. Please see the referenced advisory for more information. Fixes are available below.

Red Hat has made fixes for this issue available. See referenced advisory RHSA-2004:056-05 for additional details.

SGI has released an advisory 20040201-01-U with a patch to address this and other issues. Please see the referenced advisory for more information.

Fedora Legacy Update Advisory FLSA:1256 has been released to address this issue in Red Hat Linux.

SCO OpenLinux advisory CSSA-2004-016.0 and fixes have been released dealing with this issue.

Gentoo Linux has released GLSA 200404-06 advisory as well as fix information dealing with this issue. It has been recommended that the following action be taken to upgrade the vulnerable application:

All util-linux users should upgrade to version 2.12 or later:

# emerge sync

# emerge -pv ">=sys-apps/util-linux-2.12"
# emerge ">=sys-apps/util-linux-2.12"

Please see the referenced Gentoo advisory for more information.

Silicon Graphics has released advisory 20040406-01-U for Service Pack 2.4 dealing with this issue as well as others. Please see the referenced advisory for more information and details on obtaining fixes.


Netwosix Netwosix Linux 1.0

Netwosix Netwosix Linux 1.1

SGI ProPack 2.3

SGI ProPack 2.4

SCO OpenLinux Workstation 3.1.1

SCO OpenLinux Server 3.1.1

References

Util-Linux Login Program Information Leakage Vulnerability

References:
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

Free CVE JSON API cve.report/api

CVE.report and Source URL Uptime Status status.cve.report