SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   Util-linux Vendors:   kernel.org
(Red Hat Issues Fix) Util-linux Input Validation Flaw Lets Remote Users Inject Data into the Log Files
SecurityTracker Alert ID:  1022258
SecurityTracker URL:  http://securitytracker.com/id/1022258
CVE Reference:   CVE-2008-1926   (Links to External Site)
Date:  May 19 2009
Impact:   Modification of system information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 2.14 and prior versions
Description:   A vulnerability was reported in Util-linux. A remote user can inject data into the log files.

A remote user can supply a specially crafted account name value to potentially modify portions of the audit log.

The vulnerability resides in 'login-utils/login.c'.

Mirek reported this vulnerability.

Impact:   A remote user can inject data into the log files.
Solution:   Red Hat has released a fix.

The Red Hat advisory is available at:

https://rhn.redhat.com/errata/RHSA-2009-0981.html

Cause:   Input validation error
Underlying OS:  Linux (Red Hat Enterprise)
Underlying OS Comments:  4

Message History:   This archive entry is a follow-up to the message listed below.
May 19 2009 Util-linux Input Validation Flaw Lets Remote Users Inject Data into the Log Files



 Source Message Contents

Subject:  [RHSA-2009:0981-01] Low: util-linux security and bug fix update


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Low: util-linux security and bug fix update
Advisory ID:       RHSA-2009:0981-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2009-0981.html
Issue date:        2009-05-18
Keywords:          mount nfs fdisk login audit
CVE Names:         CVE-2008-1926 
=====================================================================

1. Summary:

An updated util-linux package that fixes one security issue and several
bugs is now available.

This update has been rated as having low security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Description:

The util-linux package contains a collection of basic system utilities,
such as fdisk and mount.

A log injection attack was found in util-linux when logging log in attempts
via the audit subsystem of the Linux kernel. A remote attacker could use
this flaw to modify certain parts of logged events, possibly hiding their
activities on a system. (CVE-2008-1926)

This updated package also fixes the following bugs:

recognized file systems used by fdisk. Consequently, if VMware ESX was
installed, "fdisk -l" returned "Unknown" for these partitions. With this
update, information regarding the VMKcore and VMFS partitions has been
added to the file systems list. On systems running VMware ESX, "fdisk -l"
now lists information about these partitions as expected. (BZ#447264)

* if a username was not set, the login command would fail with a
Segmentation fault. With this update, login lets the audit system handle
NULL usernames (it sends an AUDIT_USER_LOGIN message to the audit system in
the event there is no username set). (BZ#456213)

* the nfs(5) man page listed version 2 as the default. This is incorrect:
unless otherwise specified, the NFS client uses NFS version 3. The man page
has been corrected. (BZ#458539)

* in certain situations, backgrounded NFS mounts died shortly after being
backgrounded when the mount command was executed by the initlog command,
which, for example, would occur when running an init script, such as
running the "service netfs start" command. In these situations, running the
"ps -ef" command showed backgrounded NFS mounts disappearing shortly after
being backgrounded. In this updated package, backgrounded mount processes
detach from the controlling terminal, which resolves this issue.
(BZ#461488)

* if a new partition's starting cylinder was beyond one terabyte, fdisk
could not create the partition. This has been fixed. (BZ#471372)

* in rare cases "mount -a" ignored fstab order and tried to re-mount file
systems on mpath devices. With this update, mount honors fstab order even
in the rare cases reported. (BZ#472186)

* the "mount --move" command moved a file system's mount point as expected
(for example, /proc/mounts showed the changed mount point as expected) but
did not update /etc/mtab properly. With this update, the "mount --move"
command gathers all necessary information about the old mount point, copies
it to the new mount point and then deletes the old point, ensuring
/etc/mtab is updated properly. (BZ#485004)

Util-linux users are advised to upgrade to this updated package, which
addresses this vulnerability and resolves these issues.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

443925 - CVE-2008-1926 util-linux: audit log injection via login
447264 - RHEL4: VMware fdisk partitions
456213 - RHEL4: login segfaults on EOF
456379 - RHEL4: audit log injection attack via login
458539 - man nfs : wrong information about nfs version used
461488 - Backgrounded NFS mounts dies soon after "service netfs start" command is issued
471372 - RHEL4: fdisk cannot create partition with starting beyond 1 TB
472186 - mount -a has problems with duplicate labels in a mpath setup
485004 - Move mount doesn't correctly update mtab

6. Package List:

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/util-linux-2.12a-24.el4.src.rpm

i386:
util-linux-2.12a-24.el4.i386.rpm
util-linux-debuginfo-2.12a-24.el4.i386.rpm

ia64:
util-linux-2.12a-24.el4.ia64.rpm
util-linux-debuginfo-2.12a-24.el4.ia64.rpm

ppc:
util-linux-2.12a-24.el4.ppc.rpm
util-linux-debuginfo-2.12a-24.el4.ppc.rpm

s390:
util-linux-2.12a-24.el4.s390.rpm
util-linux-debuginfo-2.12a-24.el4.s390.rpm

s390x:
util-linux-2.12a-24.el4.s390x.rpm
util-linux-debuginfo-2.12a-24.el4.s390x.rpm

x86_64:
util-linux-2.12a-24.el4.x86_64.rpm
util-linux-debuginfo-2.12a-24.el4.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/util-linux-2.12a-24.el4.src.rpm

i386:
util-linux-2.12a-24.el4.i386.rpm
util-linux-debuginfo-2.12a-24.el4.i386.rpm

x86_64:
util-linux-2.12a-24.el4.x86_64.rpm
util-linux-debuginfo-2.12a-24.el4.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/util-linux-2.12a-24.el4.src.rpm

i386:
util-linux-2.12a-24.el4.i386.rpm
util-linux-debuginfo-2.12a-24.el4.i386.rpm

ia64:
util-linux-2.12a-24.el4.ia64.rpm
util-linux-debuginfo-2.12a-24.el4.ia64.rpm

x86_64:
util-linux-2.12a-24.el4.x86_64.rpm
util-linux-debuginfo-2.12a-24.el4.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/util-linux-2.12a-24.el4.src.rpm

i386:
util-linux-2.12a-24.el4.i386.rpm
util-linux-debuginfo-2.12a-24.el4.i386.rpm

ia64:
util-linux-2.12a-24.el4.ia64.rpm
util-linux-debuginfo-2.12a-24.el4.ia64.rpm

x86_64:
util-linux-2.12a-24.el4.x86_64.rpm
util-linux-debuginfo-2.12a-24.el4.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1926
http://www.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is <secalert@redhat.com>.  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2009 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFKEctxXlSAg2UNWIIRAnovAJoD5kPpV9Zju1lKr6BTN00AdLd14QCdFRe8
zyW2l4sz4sBAW96rRu8suwQ=
=IH4U
-----END PGP SIGNATURE-----


-- 
Enterprise-watch-list mailing list
Enterprise-watch-list@redhat.com
https://www.redhat.com/mailman/listinfo/enterprise-watch-list

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC