The util-linux package contains a race condition vulnerability that can be used to elevate privileges on the system.
util-linux is shipped with Red Hat Linux and numerous other Linux distributions. It contains a collection of utility programs, such as fstab, mkfs, and chfn. The BindView RAZOR Team has discovered that because setpwnam.c inadequately locks a temporary file used when making changes to /etc/passwd, a race condition can be used to elevate privileges on the system.
For further details, please see the Bindview Advisory.
A local user may be able to elevate their privileges on the system.
Apply a patch from your vendor, or, an immediate workaround (provided by BindView) is to remove setuid flags from /usr/bin/chfn and /usr/bin/chsh. To remediate the vulnerability, patch the source code as follows.
Thanks to Michal Zalewski, BindView RAZOR, for reporting this vulnerability.
|Date First Published:||2002-07-29|
|Date Last Updated:||2003-05-30 17:13 UTC|