Vulnerability Note VU#801526

util-linux login program discloses sensitive information

Original Release date: 23 Mar 2004 | Last revised: 23 Mar 2004

Overview

The util-linux login program uses a pointer that was previously freed and reallocated, which could allow an attacker to gain access to sensitive information.

Description

util-linux is shipped with Red Hat and numerous other Linux distributions. It contains a collection of utility programs, such as fstab, mkfs, chfn, and login. There is a vulnerability in the way the login program uses a pointer that was previously freed and reallocated, resulting in an information leak. This could be used by an attacker to gain access to sensitive information.
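
The bug class described above, shown as an added illustration that is not util-linux's code: a constructed one-slot allocator makes the free-and-reallocate step deterministic, `greet_stale` keeps the old pointer and exposes the new contents, and `greet_copied` takes a private copy first. All function names and strings are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Constructed one-slot allocator: models a heap chunk that is handed out
   again right after it is freed. Static storage keeps reads well-defined. */
static char slot[64];
static int  slot_used;

static char *slot_alloc(const char *s) {
    if (slot_used) return NULL;
    slot_used = 1;
    snprintf(slot, sizeof slot, "%s", s);
    return slot;
}
static void slot_free(char *p) { if (p == slot) slot_used = 0; }

/* Hypothetical library step that releases the lookup result and reuses
   the same storage for unrelated, sensitive data. */
static char *reuse_for_secret(char *old) {
    slot_free(old);
    return slot_alloc("constructed-secret");
}

/* Flawed pattern: keeps the raw pointer across the free/reallocate step.
   Returns 1 if the message it built exposes the secret. */
int greet_stale(char *out, size_t n) {
    char *name = slot_alloc("alice");
    char *secret = reuse_for_secret(name);   /* name now aliases secret */
    snprintf(out, n, "Last login for %s", name);
    slot_free(secret);
    return strstr(out, "constructed-secret") != NULL;
}

/* Hardened pattern: take a private copy before anything can free it. */
int greet_copied(char *out, size_t n) {
    char copy[64];
    char *name = slot_alloc("alice");
    snprintf(copy, sizeof copy, "%s", name); /* copy while still valid */
    char *secret = reuse_for_secret(name);   /* name is dangling from here */
    snprintf(out, n, "Last login for %s", copy);
    slot_free(secret);
    return strstr(out, "constructed-secret") != NULL;
}

int main(void) {
    char buf[128];
    printf("stale:  leak=%d (%s)\n", greet_stale(buf, sizeof buf), buf);
    printf("copied: leak=%d (%s)\n", greet_copied(buf, sizeof buf), buf);
}
```

With a real `malloc`/`free` the stale read is undefined behaviour and what it exposes depends on the allocator, which is why the sketch uses a fixed slot.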

Impact

An attacker may be able to gain access to sensitive information.

Solution

Apply Patch

Apply a patch from your vendor.

Systems Affected

Vendor          Status      Date Notified   Date Updated
Red Hat Inc.    Affected    -               23 Mar 2004
If you are a vendor and your product is affected, let us know.

CVSS Metrics

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A N/A

Credit

Red Hat credits Matthew Lee for reporting this vulnerability.

This document was written by Damon Morda.

Other Information

  • CVE IDs: CAN-2004-0080
  • Date Public: 03 Feb 2004
  • Date First Published: 23 Mar 2004
  • Date Last Updated: 23 Mar 2004
  • Severity Metric: 1.40
  • Document Revision: 4
