The util-linux package contains a race condition vulnerability that can be used to elevate privileges on the system.
util-linux is shipped with Red Hat Linux and numerous other Linux distributions. It contains a collection of utility programs, such as fstab, mkfs, and chfn. The BindView RAZOR Team has discovered that because setpwnam.c inadequately locks a temporary file used when making changes to /etc/passwd, a race condition can be used to elevate privileges on the system.
For further details, please see the BindView advisory.
A local user may be able to elevate their privileges on the system.
Apply a patch from your vendor. Alternatively, an immediate workaround (provided by BindView) is to remove the setuid flags from /usr/bin/chfn and /usr/bin/chsh. To remediate the vulnerability, patch the source code as follows.
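The setuid workaround described above can be audited and applied with a short script. This is an added example, not part of the advisory and not BindView's source patch; the function name `check_setuid` and its `report`/`fix` modes are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit or apply the "remove setuid flags" workaround.
# check_setuid and its report/fix modes are hypothetical names.

# check_setuid MODE FILE...
#   MODE=report  list files that still carry the setuid bit, change nothing
#   MODE=fix     also clear the bit with chmod u-s (needs root for
#                root-owned binaries)
# Returns 0 when every listed file is verified free of the setuid bit,
# 1 when any file is still setuid or could not be verified.
check_setuid() {
    mode=$1; shift
    remaining=0
    for f in "$@"; do
        if [ -L "$f" ]; then
            # chmod and [ -u ] follow symlinks; do not touch an unknown target
            echo "symlink: $f (inspect the target manually)"
            remaining=1
        elif [ ! -e "$f" ]; then
            echo "absent:  $f"
        elif [ -u "$f" ]; then
            # Re-test after chmod so a silent failure is not reported as fixed
            if [ "$mode" = fix ] && chmod u-s "$f" && [ ! -u "$f" ]; then
                echo "cleared: $f"
            else
                echo "SETUID:  $f"
                remaining=1
            fi
        else
            echo "ok:      $f"
        fi
    done
    return "$remaining"
}

# Report-only pass over the two binaries named in the workaround.
check_setuid report /usr/bin/chfn /usr/bin/chsh || true
```

With the bit cleared, unprivileged users can no longer change their own shell or finger information through these programs until a patched package is installed.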
Red Hat Inc. Affected
Sun Microsystems Inc. Affected
The SCO Group (SCO Linux) Affected
Alcatel Not Affected
Cray Inc. Not Affected
Debian Not Affected
IBM Not Affected
Lotus Software Not Affected
Microsoft Corporation Not Affected
NetBSD Not Affected
Openwall GNU/*/Linux Not Affected
SuSE Inc. Not Affected
Xerox Corporation Not Affected
Apple Computer Inc. Unknown
Cisco Systems Inc. Unknown
Compaq Computer Corporation Unknown
Computer Associates Unknown
Data General Unknown
F5 Networks Unknown
Guardian Digital Inc. Unknown
Hewlett-Packard Company Unknown
Juniper Networks Unknown
Lucent Technologies Unknown
NEC Corporation Unknown
Network Appliance Unknown
Nortel Networks Unknown
Oracle Corporation Unknown
Sony Corporation Unknown
Unisphere Networks Unknown
Wind River Systems Inc. Unknown
Thanks to Michal Zalewski, BindView RAZOR, for reporting this vulnerability.
This document was written by Ian A Finlay.
Date First Published: 2002-07-29
Date Last Updated: 2003-05-30 17:13 UTC