Family: Red Hat Local Security Checks --> Category: infos
RHSA-2002-137: util Vulnerability Scan
Vulnerability Scan Summary
Check for the version of the util packages
Detailed Explanation for this Vulnerability Test
The util-linux package shipped with Red Hat Linux Advanced Server contains
a locally exploitable vulnerability.
The util-linux package contains a large variety of low-level system
utilities that are necessary for a Linux system to function. The 'chfn'
utility included in this package allows users to modify personal
information stored in the system-wide password file, /etc/passwd. In order
to modify this file, this application is installed setuid root.
Under certain conditions, a carefully crafted attack sequence can be
performed to exploit a complex file locking and modification race present
in this utility allowing changes to be made to /etc/passwd.
In order to successfully exploit the vulnerability and perform privilege
escalation there is a need for a minimal administrator interaction.
Additionally, the password file must be over 4 kilobytes, and the local
attackers entry must not be in the last 4 kilobytes of the password file.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CVE-2002-0638 to this issue.
An interim workaround is to remove setuid flags from /usr/bin/chfn and
/usr/bin/chsh. All users of Red Hat Linux should update to the errata
util-linux packages which contain a patch to correct this vulnerability.
Many thanks to Michal Zalewski of Bindview for alerting us to this issue.
Solution : http://rhn.redhat.com/errata/RHSA-2002-137.html
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.