2.11U

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

andries-brouwer

nessus

NVD

Published: 2003-03-03

Updated: 2024-11-20

Summary

A patch for mcookie in the util-linux package for Mandrake Linux 8.2 and 9.0 uses /dev/urandom instead of /dev/random, which causes mcookie to use an entropy source that is more predictable than expected, which may make it easier for certain types of attacks to succeed.

Vulnerable Configurations

Part	Description	Count
Application	Andries_Brouwer Andries Brouwer Util Linux 2.11U Andries Brouwer Util Linux 2.11N	2

Nessus

NASL family	Mandriva Local Security Checks
NASL id	MANDRAKE_MDKSA-2003-016.NASL
description	The util-linux package provides the mcookie utility, a tool for generating random cookies that can be used for X authentication. The util-linux packages that were distributed with Mandrake Linux 8.2 and 9.0 had a patch that made it use /dev/urandom instead of /dev/random, which resulted in the mcookie being more predictable than it would otherwise be. This patch has been removed in these updates, giving mcookie a better source of entropy and making the generated cookies less predictable. Thanks to Dirk Mueller for pointing this out.
last seen	2020-06-01
modified	2020-06-02
plugin id	14001
published	2004-07-31
reporter	This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/14001
title	Mandrake Linux Security Advisory : util-linux (MDKSA-2003:016)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Mandrake Linux Security Advisory MDKSA-2003:016. # The text itself is copyright (C) Mandriva S.A. # include("compat.inc"); if (description) { script_id(14001); script_version ("1.15"); script_cvs_date("Date: 2019/08/02 13:32:46"); script_cve_id("CVE-2003-0094"); script_xref(name:"MDKSA", value:"2003:016"); script_name(english:"Mandrake Linux Security Advisory : util-linux (MDKSA-2003:016)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Mandrake Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "The util-linux package provides the mcookie utility, a tool for generating random cookies that can be used for X authentication. The util-linux packages that were distributed with Mandrake Linux 8.2 and 9.0 had a patch that made it use /dev/urandom instead of /dev/random, which resulted in the mcookie being more predictable than it would otherwise be. This patch has been removed in these updates, giving mcookie a better source of entropy and making the generated cookies less predictable. Thanks to Dirk Mueller for pointing this out." ); script_set_attribute( attribute:"solution", value:"Update the affected losetup, mount and / or util-linux packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:losetup"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mount"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:util-linux"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:8.2"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:9.0"); script_set_attribute(attribute:"patch_publication_date", value:"2003/02/13"); script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/31"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc."); script_family(english:"Mandriva Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux"); if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^(amd64\|i[3-6]86\|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu); flag = 0; if (rpm_check(release:"MDK8.2", cpu:"i386", reference:"losetup-2.11n-4.4mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK8.2", cpu:"i386", reference:"mount-2.11n-4.4mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK8.2", cpu:"i386", reference:"util-linux-2.11n-4.4mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"losetup-2.11u-1.1mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"mount-2.11u-1.1mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"util-linux-2.11u-1.1mdk", yank:"mdk")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");

Summary

Vulnerable Configurations

Nessus

References