The util-linux package contains a race condition vulnerability that can be used to elevate privileges on the system.
util-linux is shipped with Red Hat Linux and numerous other Linux distributions. It contains a collection of utility programs, such as fstab, mkfs, and chfn. The BindView RAZOR Team has discovered that because setpwnam.c inadequately locks a temporary file used when making changes to /etc/passwd, a race condition can be used to elevate privileges on the system.
For further details, please see the BindView Advisory.
A local user may be able to elevate their privileges on the system.
Apply a patch from your vendor. As an immediate workaround (provided by BindView), remove the setuid flags from /usr/bin/chfn and /usr/bin/chsh. To remediate the vulnerability, patch the source code as follows.
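The setuid workaround described above, as an added shell example (it is not part of the original advisory and is not the source patch the advisory refers to). The function names `has_setuid` and `strip_setuid` are hypothetical, and skipping symlinks instead of following them is an assumption made for safety.

```shell
#!/bin/sh
# Added example: audit and apply the setuid-removal workaround.
# Usage (as root): sh strip_setuid.sh /usr/bin/chfn /usr/bin/chsh

# has_setuid PATH
# Succeeds only if PATH is a regular file (not a symlink) with the setuid bit set.
has_setuid() {
    [ -f "$1" ] && [ ! -L "$1" ] && [ -u "$1" ]
}

# strip_setuid PATH...
# Clears the setuid bit on every listed file that has it and prints one
# status line per path. Returns non-zero if any file is still setuid
# afterwards (for example, when not run with sufficient privileges).
strip_setuid() {
    rc=0
    for f in "$@"; do
        if [ -L "$f" ]; then
            # Do not chmod through a link; the operator should check the target.
            echo "skip (symlink, check the target directly): $f"
        elif [ ! -f "$f" ]; then
            echo "skip (not present): $f"
        elif [ ! -u "$f" ]; then
            echo "ok (setuid already clear): $f"
        elif chmod u-s "$f" 2>/dev/null && [ ! -u "$f" ]; then
            # Re-test after chmod so a silent failure is not reported as fixed.
            echo "fixed (setuid removed): $f"
        else
            echo "FAILED (still setuid): $f" >&2
            rc=1
        fi
    done
    return "$rc"
}

# Only act when paths are given on the command line.
if [ "$#" -gt 0 ]; then
    strip_setuid "$@"
fi
```

With the setuid bit removed, unprivileged users can no longer change their own finger information or login shell with these programs until the patched package is installed and the bit is restored.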
Red Hat Inc.
Sun Microsystems Inc.
The SCO Group (SCO Linux)
Apple Computer Inc.
Cisco Systems Inc.
Compaq Computer Corporation
Guardian Digital Inc.
Wind River Systems Inc.
Thanks to Michal Zalewski, BindView RAZOR, for reporting this vulnerability.
This document was written by Ian A Finlay.
Date First Published: 2002-07-29
Date Last Updated: 2003-05-30 17:13 UTC