Package name
util-linux
Date
2002-08-08
Advisory ID
MDKSA-2002:047
Affected versions
8.1 i586, SNF7.2 i586, CS1.0 i586, 8.1 i586, 8.0 i586, 8.2 i586, 8.0 i586, 8.2 i586, 7.1 i586, 7.2 i586

Problem description

Michal Zalewski found a vulnerability in the chfn utility of the util-linux package. This utility allows users to modify some of their information in the /etc/passwd file, and is installed setuid root. Using a carefully crafted attack sequence, an attacker can exploit a complex file locking and modification race that would allow them to make changes to the /etc/passwd file. To successfully exploit this vulnerability and obtain privilege escalation, some administrator interaction is required, and the password file must be over 4kb in size; the attacker's entry cannot be in the last 4kb of the file.

Updated packages

8.1 i586

 2405d127006eef10e1d58e23866f0044  ia64/8.1/RPMS/util-linux-2.11h-3.5mdk.ia64.rpm
25c5b47d39f8b1c0147930218ddaecd5  ia64/8.1/SRPMS/util-linux-2.11h-3.5mdk.src.rpm

SNF7.2 i586

 69f07cace4649f3d8326ea8866d95e4f  snf7.2/RPMS/util-linux-2.10o-6.1mdk.i586.rpm
fa4fd5a20bc4cbca324294e3ed712eb1  snf7.2/SRPMS/util-linux-2.10o-6.1mdk.src.rpm

CS1.0 i586

 4c5df1947b62460beb8df7592ef35c6e  1.0.1/RPMS/util-linux-2.10o-6.1mdk.i586.rpm
fa4fd5a20bc4cbca324294e3ed712eb1  1.0.1/SRPMS/util-linux-2.10o-6.1mdk.src.rpm

8.1 i586

 889ba34fcb46d9c2c2f11cf4fa81dd23  8.1/RPMS/util-linux-2.11h-3.5mdk.i586.rpm
25c5b47d39f8b1c0147930218ddaecd5  8.1/SRPMS/util-linux-2.11h-3.5mdk.src.rpm

8.0 i586

 18a2dc6e74636bdf6b7be146dfa3d6cf  8.0/RPMS/util-linux-2.10s-3.2mdk.i586.rpm
dd4a423ddc444a202176b09e5251f6fd  8.0/SRPMS/util-linux-2.10s-3.2mdk.src.rpm

8.2 i586

 f137a274c2969ca3b893e96902dee893  8.2/RPMS/losetup-2.11n-4.3mdk.i586.rpm
c074a07a7f3c3fd92b0be2ebd02dff93  8.2/RPMS/mount-2.11n-4.3mdk.i586.rpm
420c1537cb8260f984125fd6311dc3d1  8.2/RPMS/util-linux-2.11n-4.3mdk.i586.rpm
240139061f653327735eb46c3009d245  8.2/SRPMS/util-linux-2.11n-4.3mdk.src.rpm

8.0 i586

 55e49d1ad321c229a8468f11a43b2fb7  ppc/8.0/RPMS/util-linux-2.11h-3.5mdk.ppc.rpm
25c5b47d39f8b1c0147930218ddaecd5  ppc/8.0/SRPMS/util-linux-2.11h-3.5mdk.src.rpm

8.2 i586

 9260b9deba8a1e025e028217f99df3ed  ppc/8.2/RPMS/losetup-2.11n-4.3mdk.ppc.rpm
abdbafa149f499409c31969ff081e818  ppc/8.2/RPMS/mount-2.11n-4.3mdk.ppc.rpm
3adff58b4e961fa17c8be1d1224072a2  ppc/8.2/RPMS/util-linux-2.11n-4.3mdk.ppc.rpm
240139061f653327735eb46c3009d245  ppc/8.2/SRPMS/util-linux-2.11n-4.3mdk.src.rpm

7.1 i586

 4c5df1947b62460beb8df7592ef35c6e  7.1/RPMS/util-linux-2.10o-6.1mdk.i586.rpm
fa4fd5a20bc4cbca324294e3ed712eb1  7.1/SRPMS/util-linux-2.10o-6.1mdk.src.rpm

7.2 i586

 69f07cace4649f3d8326ea8866d95e4f  7.2/RPMS/util-linux-2.10o-6.1mdk.i586.rpm
fa4fd5a20bc4cbca324294e3ed712eb1  7.2/SRPMS/util-linux-2.10o-6.1mdk.src.rpm
