Vulnerability Bulletins


Privilege escalation in util-linux

Vulnerability classification

Property Value
Confidence level Official
Impact Privilege escalation
Difficulty Expert
Required attacker level Remote access with an account

System information

Property Value
Affected manufacturer GNU/Linux
Affected software util-linux

Description

A vulnerability has been found in util-linux in the mount and umount commands. The vulnerability lies in calling the setuid and setgid functions in the wrong order and in not checking their return values.

A remote attacker could escalate privileges through helpers such as mount.nfs.
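The following is an added example, written for this bulletin and not taken from util-linux or from any of the advisories it cites. It shows the two properties the description says were missing in mount/umount: the group identity is dropped before the user identity (once setuid() has succeeded, a process no longer has the privilege needed by setgid() or setgroups()), and every return value is checked so that a partial drop cannot be silently ignored. The function name drop_privileges and the final "cannot regain root" check are this example's own conventions, not the project's.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/*
 * Hypothetical hardened privilege drop (added example; not util-linux code).
 * It avoids the two defects named in the bulletin:
 *   1. Order: supplementary groups and the primary gid are changed while the
 *      process still holds root, because after setuid() has succeeded the
 *      process can no longer call setgroups()/setgid() to a different group.
 *   2. Return values: every call is checked, so a failed step is never
 *      treated as success.
 * Returns 0 on success, -1 (with errno set) on failure.
 */
int drop_privileges(uid_t uid, gid_t gid)
{
    /* Only a privileged process can (and needs to) clear supplementary groups. */
    if (geteuid() == 0 && setgroups(0, NULL) != 0)
        return -1;

    /* gid first, while the privilege to change it is still available. */
    if (setgid(gid) != 0)
        return -1;

    /* uid last; this is the point of no return. */
    if (setuid(uid) != 0)
        return -1;

    /* Confirm that real and effective ids actually changed ... */
    if (getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid) {
        errno = EPERM;
        return -1;
    }

    /* ... and that root cannot be regained (only meaningful for non-root targets). */
    if (uid != 0 && setuid(0) == 0) {
        errno = EPERM;
        return -1;
    }
    return 0;
}

int main(void)
{
    /* Demonstration target: the caller's own real ids, so this runs unprivileged. */
    uid_t uid = getuid();
    gid_t gid = getgid();

    if (drop_privileges(uid, gid) != 0) {
        perror("drop_privileges");
        return EXIT_FAILURE;
    }
    printf("running as uid=%u gid=%u, privileges dropped safely\n",
           (unsigned)getuid(), (unsigned)getgid());
    return EXIT_SUCCESS;
}
```

Run unprivileged, the function drops to the ids the process already has and succeeds; run from a setuid-root helper it would be called with the invoking user's ids before any further work is done, and a non-zero return must abort the helper rather than be ignored.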

Solution

Software update

Mandriva (MDKSA-2007:198)

Corporate Server 3.0
X86
corporate/3.0/i586/losetup-2.12-2.3.C30mdk.i586.rpm
corporate/3.0/i586/mount-2.12-2.3.C30mdk.i586.rpm
corporate/3.0/i586/util-linux-2.12-2.3.C30mdk.i586.rpm
corporate/3.0/SRPMS/util-linux-2.12-2.3.C30mdk.src.rpm
X86_64
corporate/3.0/x86_64/losetup-2.12-2.3.C30mdk.x86_64.rpm
corporate/3.0/x86_64/mount-2.12-2.3.C30mdk.x86_64.rpm
corporate/3.0/x86_64/util-linux-2.12-2.3.C30mdk.x86_64.rpm
corporate/3.0/SRPMS/util-linux-2.12-2.3.C30mdk.src.rpm

Multi Network Firewall 2.0
X86
mnf/2.0/i586/losetup-2.12-2.3.M20mdk.i586.rpm
mnf/2.0/i586/mount-2.12-2.3.M20mdk.i586.rpm
mnf/2.0/i586/util-linux-2.12-2.3.M20mdk.i586.rpm
mnf/2.0/SRPMS/util-linux-2.12-2.3.M20mdk.src.rpm

Mandriva Linux 2007
X86
2007.0/i586/losetup-2.12r-8.3mdv2007.0.i586.rpm
2007.0/i586/mount-2.12r-8.3mdv2007.0.i586.rpm
2007.0/i586/util-linux-2.12r-8.3mdv2007.0.i586.rpm
2007.0/SRPMS/util-linux-2.12r-8.3mdv2007.0.src.rpm
X86_64
2007.0/x86_64/losetup-2.12r-8.3mdv2007.0.x86_64.rpm
2007.0/x86_64/mount-2.12r-8.3mdv2007.0.x86_64.rpm
2007.0/x86_64/util-linux-2.12r-8.3mdv2007.0.x86_64.rpm
2007.0/SRPMS/util-linux-2.12r-8.3mdv2007.0.src.rpm

Corporate Server 4.0
X86
corporate/4.0/i586/losetup-2.12q-7.3.20060mlcs4.i586.rpm
corporate/4.0/i586/mount-2.12q-7.3.20060mlcs4.i586.rpm
corporate/4.0/i586/util-linux-2.12q-7.3.20060mlcs4.i586.rpm
corporate/4.0/SRPMS/util-linux-2.12q-7.3.20060mlcs4.src.rpm
X86_64
corporate/4.0/x86_64/losetup-2.12q-7.3.20060mlcs4.x86_64.rpm
corporate/4.0/x86_64/mount-2.12q-7.3.20060mlcs4.x86_64.rpm
corporate/4.0/x86_64/util-linux-2.12q-7.3.20060mlcs4.x86_64.rpm
corporate/4.0/SRPMS/util-linux-2.12q-7.3.20060mlcs4.src.rpm

Mandriva Linux 2007.1
X86
2007.1/i586/losetup-2.12r-12.2mdv2007.1.i586.rpm
2007.1/i586/mount-2.12r-12.2mdv2007.1.i586.rpm
2007.1/i586/util-linux-2.12r-12.2mdv2007.1.i586.rpm
2007.1/SRPMS/util-linux-2.12r-12.2mdv2007.1.src.rpm
X86_64
2007.1/x86_64/losetup-2.12r-12.2mdv2007.1.x86_64.rpm
2007.1/x86_64/mount-2.12r-12.2mdv2007.1.x86_64.rpm
2007.1/x86_64/util-linux-2.12r-12.2mdv2007.1.x86_64.rpm
2007.1/SRPMS/util-linux-2.12r-12.2mdv2007.1.src.rpm

Mandriva Linux 2008.0
X86
2008.0/i586/util-linux-ng-2.13-3.1mdv2008.0.i586.rpm
2008.0/SRPMS/util-linux-ng-2.13-3.1mdv2008.0.src.rpm
X86_64
2008.0/x86_64/util-linux-ng-2.13-3.1mdv2008.0.x86_64.rpm
2008.0/SRPMS/util-linux-ng-2.13-3.1mdv2008.0.src.rpm

Red Hat (RHSA-2007:0969-5)
Red Hat Desktop (v. 3)
Red Hat Desktop (v. 4)
Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux AS (v. 3)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux Desktop (v. 5 client)
Red Hat Enterprise Linux ES (v. 3)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux WS (v. 3)
Red Hat Enterprise Linux WS (v. 4)
https://rhn.redhat.com/

Debian (DSA 1449-1)

Debian Linux 3.1
Source
http://security.debian.org/pool/updates/main/l/loop-aes-utils/loop-aes-utils_2.12p-4sarge2.dsc
http://security.debian.org/pool/updates/main/l/loop-aes-utils/loop-aes-utils_2.12p.orig.tar.gz
http://security.debian.org/pool/updates/main/l/loop-aes-utils/loop-aes-utils_2.12p-4sarge2.diff.gz
alpha
http://security.debian.org/pool/updates/main/l/loop-aes-utils/loop-aes-utils_2.12p-4sarge2_alpha.deb
amd64
http://security.debian.org/pool/updates/main/l/loop-aes-utils/loop-aes-utils_2.12p-4sarge2_amd64.deb
arm
http://security.debian.org/pool/updates/main/l/loop-aes-utils/loop-aes-utils_2.12p-4sarge2_arm.deb
hppa
http://security.debian.org/pool/updates/main/l/loop-aes-utils/loop-aes-utils_2.12p-4sarge2_hppa.deb
i386
http://security.debian.org/pool/updates/main/l/loop-aes-utils/loop-aes-utils_2.12p-4sarge2_i386.deb
ia64
http://security.debian.org/pool/updates/main/l/loop-aes-utils/loop-aes-utils_2.12p-4sarge2_ia64.deb
m68k
http://security.debian.org/pool/updates/main/l/loop-aes-utils/loop-aes-utils_2.12p-4sarge2_m68k.deb
mips
http://security.debian.org/pool/updates/main/l/loop-aes-utils/loop-aes-utils_2.12p-4sarge2_mips.deb
mipsel
http://security.debian.org/pool/updates/main/l/loop-aes-utils/loop-aes-utils_2.12p-4sarge2_mipsel.deb
powerpc
http://security.debian.org/pool/updates/main/l/loop-aes-utils/loop-aes-utils_2.12p-4sarge2_powerpc.deb
s390
http://security.debian.org/pool/updates/main/l/loop-aes-utils/loop-aes-utils_2.12p-4sarge2_s390.deb
sparc
http://security.debian.org/pool/updates/main/l/loop-aes-utils/loop-aes-utils_2.12p-4sarge2_sparc.deb

Debian Linux 4.0
Source
http://security.debian.org/pool/updates/main/l/loop-aes-utils/loop-aes-utils_2.12r-15+etch1.diff.gz
http://security.debian.org/pool/updates/main/l/loop-aes-utils/loop-aes-utils_2.12r-15+etch1.dsc
alpha
http://security.debian.org/pool/updates/main/l/loop-aes-utils/loop-aes-utils_2.12r-15+etch1_alpha.deb
http://security.debian.org/pool/updates/main/l/loop-aes-utils/mount-aes-udeb_2.12r-15+etch1_alpha.udeb
amd64
http://security.debian.org/pool/updates/main/l/loop-aes-utils/mount-aes-udeb_2.12r-15+etch1_amd64.udeb
http://security.debian.org/pool/updates/main/l/loop-aes-utils/loop-aes-utils_2.12r-15+etch1_amd64.deb
arm
http://security.debian.org/pool/updates/main/l/loop-aes-utils/mount-aes-udeb_2.12r-15+etch1_arm.udeb
http://security.debian.org/pool/updates/main/l/loop-aes-utils/loop-aes-utils_2.12r-15+etch1_arm.deb
hppa
http://security.debian.org/pool/updates/main/l/loop-aes-utils/mount-aes-udeb_2.12r-15+etch1_hppa.udeb
http://security.debian.org/pool/updates/main/l/loop-aes-utils/loop-aes-utils_2.12r-15+etch1_hppa.deb
i386
http://security.debian.org/pool/updates/main/l/loop-aes-utils/mount-aes-udeb_2.12r-15+etch1_i386.udeb
http://security.debian.org/pool/updates/main/l/loop-aes-utils/loop-aes-utils_2.12r-15+etch1_i386.deb
ia64
http://security.debian.org/pool/updates/main/l/loop-aes-utils/loop-aes-utils_2.12r-15+etch1_ia64.deb
http://security.debian.org/pool/updates/main/l/loop-aes-utils/mount-aes-udeb_2.12r-15+etch1_ia64.udeb
mips
http://security.debian.org/pool/updates/main/l/loop-aes-utils/loop-aes-utils_2.12r-15+etch1_mips.deb
http://security.debian.org/pool/updates/main/l/loop-aes-utils/mount-aes-udeb_2.12r-15+etch1_mips.udeb
mipsel
http://security.debian.org/pool/updates/main/l/loop-aes-utils/loop-aes-utils_2.12r-15+etch1_mipsel.deb
http://security.debian.org/pool/updates/main/l/loop-aes-utils/mount-aes-udeb_2.12r-15+etch1_mipsel.udeb
powerpc
http://security.debian.org/pool/updates/main/l/loop-aes-utils/loop-aes-utils_2.12r-15+etch1_powerpc.deb
http://security.debian.org/pool/updates/main/l/loop-aes-utils/mount-aes-udeb_2.12r-15+etch1_powerpc.udeb
s390
http://security.debian.org/pool/updates/main/l/loop-aes-utils/loop-aes-utils_2.12r-15+etch1_s390.deb
http://security.debian.org/pool/updates/main/l/loop-aes-utils/mount-aes-udeb_2.12r-15+etch1_s390.udeb
sparc
http://security.debian.org/pool/updates/main/l/loop-aes-utils/mount-aes-udeb_2.12r-15+etch1_sparc.udeb
http://security.debian.org/pool/updates/main/l/loop-aes-utils/loop-aes-utils_2.12r-15+etch1_sparc.deb

Debian (DSA 1450-1)

Debian Linux 3.1
Source
http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12p-4sarge2.dsc
http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12p-4sarge2.diff.gz
http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12p.orig.tar.gz
Architecture independent
http://security.debian.org/pool/updates/main/u/util-linux/util-linux-locales_2.12p-4sarge2_all.deb
alpha
http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12p-4sarge2_alpha.deb
http://security.debian.org/pool/updates/main/u/util-linux/mount_2.12p-4sarge2_alpha.deb
http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.12p-4sarge2_alpha.deb
http://security.debian.org/pool/updates/main/u/util-linux/fdisk-udeb_2.12p-4sarge2_alpha.udeb
arm
http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12p-4sarge2_arm.deb
http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.12p-4sarge2_arm.deb
http://security.debian.org/pool/updates/main/u/util-linux/fdisk-udeb_2.12p-4sarge2_arm.udeb
http://security.debian.org/pool/updates/main/u/util-linux/mount_2.12p-4sarge2_arm.deb
hppa
http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12p-4sarge2_hppa.deb
http://security.debian.org/pool/updates/main/u/util-linux/fdisk-udeb_2.12p-4sarge2_hppa.udeb
http://security.debian.org/pool/updates/main/u/util-linux/mount_2.12p-4sarge2_hppa.deb
http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.12p-4sarge2_hppa.deb
i386
http://security.debian.org/pool/updates/main/u/util-linux/fdisk-udeb_2.12p-4sarge2_i386.udeb
http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.12p-4sarge2_i386.deb
http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12p-4sarge2_i386.deb
http://security.debian.org/pool/updates/main/u/util-linux/mount_2.12p-4sarge2_i386.deb
ia64
http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12p-4sarge2_ia64.deb
http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.12p-4sarge2_ia64.deb
http://security.debian.org/pool/updates/main/u/util-linux/mount_2.12p-4sarge2_ia64.deb
http://security.debian.org/pool/updates/main/u/util-linux/fdisk-udeb_2.12p-4sarge2_ia64.udeb
m68k
http://security.debian.org/pool/updates/main/u/util-linux/mount_2.12p-4sarge2_m68k.deb
http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.12p-4sarge2_m68k.deb
http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12p-4sarge2_m68k.deb
mips
http://security.debian.org/pool/updates/main/u/util-linux/mount_2.12p-4sarge2_mips.deb
http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12p-4sarge2_mips.deb
http://security.debian.org/pool/updates/main/u/util-linux/fdisk-udeb_2.12p-4sarge2_mips.udeb
http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.12p-4sarge2_mips.deb
mipsel
http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.12p-4sarge2_mipsel.deb
http://security.debian.org/pool/updates/main/u/util-linux/fdisk-udeb_2.12p-4sarge2_mipsel.udeb
http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12p-4sarge2_mipsel.deb
http://security.debian.org/pool/updates/main/u/util-linux/mount_2.12p-4sarge2_mipsel.deb
powerpc
http://security.debian.org/pool/updates/main/u/util-linux/mount_2.12p-4sarge2_powerpc.deb
http://security.debian.org/pool/updates/main/u/util-linux/fdisk-udeb_2.12p-4sarge2_powerpc.udeb
http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12p-4sarge2_powerpc.deb
http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.12p-4sarge2_powerpc.deb
s390
http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12p-4sarge2_s390.deb
http://security.debian.org/pool/updates/main/u/util-linux/mount_2.12p-4sarge2_s390.deb
http://security.debian.org/pool/updates/main/u/util-linux/fdisk-udeb_2.12p-4sarge2_s390.udeb
http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.12p-4sarge2_s390.deb
sparc
http://security.debian.org/pool/updates/main/u/util-linux/mount_2.12p-4sarge2_sparc.deb
http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12p-4sarge2_sparc.deb
http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.12p-4sarge2_sparc.deb
http://security.debian.org/pool/updates/main/u/util-linux/fdisk-udeb_2.12p-4sarge2_sparc.udeb

Debian Linux 4.0
Source
http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12r-19etch1.dsc
http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12r-19etch1.diff.gz
Architecture independent
http://security.debian.org/pool/updates/main/u/util-linux/util-linux-locales_2.12r-19etch1_all.deb
alpha
http://security.debian.org/pool/updates/main/u/util-linux/cfdisk-udeb_2.12r-19etch1_alpha.udeb
http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.12r-19etch1_alpha.deb
http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12r-19etch1_alpha.deb
http://security.debian.org/pool/updates/main/u/util-linux/mount_2.12r-19etch1_alpha.deb
http://security.debian.org/pool/updates/main/u/util-linux/fdisk-udeb_2.12r-19etch1_alpha.udeb
amd64
http://security.debian.org/pool/updates/main/u/util-linux/mount_2.12r-19etch1_amd64.deb
http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12r-19etch1_amd64.deb
http://security.debian.org/pool/updates/main/u/util-linux/cfdisk-udeb_2.12r-19etch1_amd64.udeb
http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.12r-19etch1_amd64.deb
http://security.debian.org/pool/updates/main/u/util-linux/fdisk-udeb_2.12r-19etch1_amd64.udeb
arm
http://security.debian.org/pool/updates/main/u/util-linux/cfdisk-udeb_2.12r-19etch1_arm.udeb
http://security.debian.org/pool/updates/main/u/util-linux/fdisk-udeb_2.12r-19etch1_arm.udeb
http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.12r-19etch1_arm.deb
http://security.debian.org/pool/updates/main/u/util-linux/mount_2.12r-19etch1_arm.deb
http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12r-19etch1_arm.deb
hppa
http://security.debian.org/pool/updates/main/u/util-linux/cfdisk-udeb_2.12r-19etch1_hppa.udeb
http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12r-19etch1_hppa.deb
http://security.debian.org/pool/updates/main/u/util-linux/fdisk-udeb_2.12r-19etch1_hppa.udeb
http://security.debian.org/pool/updates/main/u/util-linux/mount_2.12r-19etch1_hppa.deb
http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.12r-19etch1_hppa.deb
i386
http://security.debian.org/pool/updates/main/u/util-linux/cfdisk-udeb_2.12r-19etch1_i386.udeb
http://security.debian.org/pool/updates/main/u/util-linux/fdisk-udeb_2.12r-19etch1_i386.udeb
http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.12r-19etch1_i386.deb
http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12r-19etch1_i386.deb
http://security.debian.org/pool/updates/main/u/util-linux/mount_2.12r-19etch1_i386.deb
ia64
http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12r-19etch1_ia64.deb
http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.12r-19etch1_ia64.deb
http://security.debian.org/pool/updates/main/u/util-linux/cfdisk-udeb_2.12r-19etch1_ia64.udeb
http://security.debian.org/pool/updates/main/u/util-linux/fdisk-udeb_2.12r-19etch1_ia64.udeb
http://security.debian.org/pool/updates/main/u/util-linux/mount_2.12r-19etch1_ia64.deb
mips
http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12r-19etch1_mips.deb
http://security.debian.org/pool/updates/main/u/util-linux/fdisk-udeb_2.12r-19etch1_mips.udeb
http://security.debian.org/pool/updates/main/u/util-linux/cfdisk-udeb_2.12r-19etch1_mips.udeb
http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.12r-19etch1_mips.deb
http://security.debian.org/pool/updates/main/u/util-linux/mount_2.12r-19etch1_mips.deb
mipsel
http://security.debian.org/pool/updates/main/u/util-linux/cfdisk-udeb_2.12r-19etch1_mipsel.udeb
http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12r-19etch1_mipsel.deb
http://security.debian.org/pool/updates/main/u/util-linux/fdisk-udeb_2.12r-19etch1_mipsel.udeb
http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.12r-19etch1_mipsel.deb
http://security.debian.org/pool/updates/main/u/util-linux/mount_2.12r-19etch1_mipsel.deb
powerpc
http://security.debian.org/pool/updates/main/u/util-linux/fdisk-udeb_2.12r-19etch1_powerpc.udeb
http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12r-19etch1_powerpc.deb
http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.12r-19etch1_powerpc.deb
http://security.debian.org/pool/updates/main/u/util-linux/mount_2.12r-19etch1_powerpc.deb
http://security.debian.org/pool/updates/main/u/util-linux/cfdisk-udeb_2.12r-19etch1_powerpc.udeb
s390
http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.12r-19etch1_s390.deb
http://security.debian.org/pool/updates/main/u/util-linux/fdisk-udeb_2.12r-19etch1_s390.udeb
http://security.debian.org/pool/updates/main/u/util-linux/cfdisk-udeb_2.12r-19etch1_s390.udeb
http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12r-19etch1_s390.deb
http://security.debian.org/pool/updates/main/u/util-linux/mount_2.12r-19etch1_s390.deb
sparc
http://security.debian.org/pool/updates/main/u/util-linux/mount_2.12r-19etch1_sparc.deb
http://security.debian.org/pool/updates/main/u/util-linux/fdisk-udeb_2.12r-19etch1_sparc.udeb
http://security.debian.org/pool/updates/main/u/util-linux/util-linux_2.12r-19etch1_sparc.deb
http://security.debian.org/pool/updates/main/u/util-linux/bsdutils_2.12r-19etch1_sparc.deb

Standard resources

Property Value
CVE CVE-2007-5191
BID 25973

Other resources

Mandriva Security Advisory (MDKSA-2007:198)
http://www.mandriva.com/security/advisories?name=MDKSA-2007:198

Red Hat Security Advisory (RHSA-2007:0969-5)
https://rhn.redhat.com/errata/RHSA-2007-0969.html

Debian Security Advisory (DSA 1449-1)
http://lists.debian.org/debian-security-announce/debian-security-announce-2008/msg00005.html

Debian Security Advisory (DSA 1450-1)
http://lists.debian.org/debian-security-announce/debian-security-announce-2008/msg00006.html

Version history

Version Comments Date
1.0 Advisory issued 2007-10-22
1.1 Advisory issued by Red Hat (RHSA-2007:0969-5) 2007-11-19
1.2 Advisory issued by Debian (DSA 1449-1), advisory issued by Debian (DSA 1450-1) 2008-01-07
Ministry of Defence
CNI
CCN
CCN-CERT