Vulnerabilities > CVE-2004-0080 - Unspecified vulnerability in Andries Brouwer Util-Linux
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN andries-brouwer
nessus
Summary
The login program in util-linux 2.11 and earlier uses a pointer after it has been freed and reallocated, which could cause login to leak sensitive data.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Nessus
NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2004-056.NASL description Updated util-linux packages that fix an information leak in the login program are now available. The util-linux package contains a large variety of low-level system utilities that are necessary for a Linux system to function. In some situations, the login program could use a pointer that had been freed and reallocated. This could cause unintentional data leakage. Note: Red Hat Enterprise Linux 3 is not vulnerable to this issue. It is recommended that all users upgrade to these updated packages, which are not vulnerable to this issue. Red Hat would like to thank Matthew Lee of Fleming College for finding and reporting this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 12463 published 2004-07-06 reporter This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/12463 title RHEL 2.1 : util-linux (RHSA-2004:056) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2004:056. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(12463); script_version ("1.28"); script_cvs_date("Date: 2019/10/25 13:36:10"); script_cve_id("CVE-2004-0080"); script_xref(name:"RHSA", value:"2004:056"); script_name(english:"RHEL 2.1 : util-linux (RHSA-2004:056)"); script_summary(english:"Checks the rpm output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing a security update." ); script_set_attribute( attribute:"description", value: "Updated util-linux packages that fix an information leak in the login program are now available. The util-linux package contains a large variety of low-level system utilities that are necessary for a Linux system to function. In some situations, the login program could use a pointer that had been freed and reallocated. This could cause unintentional data leakage. Note: Red Hat Enterprise Linux 3 is not vulnerable to this issue. It is recommended that all users upgrade to these updated packages, which are not vulnerable to this issue. Red Hat would like to thank Matthew Lee of Fleming College for finding and reporting this issue." ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2004-0080" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2004:056" ); script_set_attribute( attribute:"solution", value:"Update the affected util-linux package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:util-linux"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:2.1"); script_set_attribute(attribute:"vuln_publication_date", value:"2004/03/03"); script_set_attribute(attribute:"patch_publication_date", value:"2004/02/03"); script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/06"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^2\.1([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 2.1", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); if (cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i386", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2004:056"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"util-linux-2.11f-20.4")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "util-linux"); } }NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200404-06.NASL description The remote host is affected by the vulnerability described in GLSA-200404-06 (Util-linux login may leak sensitive data) In some situations the login program could leak sensitive data due to an incorrect usage of a reallocated pointer. NOTE: Only users who have PAM support disabled on their systems (i.e. -PAM in their USE variable) will be affected by this vulnerability. By default, this USE flag is enabled on all architectures. Users with PAM support on their system receive login binaries as part of the pam-login package, which remains unaffected. Impact : A remote attacker may obtain sensitive data. Workaround : A workaround is not currently known for this issue. All users are advised to upgrade to the latest version of the affected package. last seen 2020-06-01 modified 2020-06-02 plugin id 14471 published 2004-08-30 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/14471 title GLSA-200404-06 : Util-linux login may leak sensitive data code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 200404-06. # # The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(14471); script_version("1.13"); script_cvs_date("Date: 2019/08/02 13:32:41"); script_cve_id("CVE-2004-0080"); script_xref(name:"GLSA", value:"200404-06"); script_name(english:"GLSA-200404-06 : Util-linux login may leak sensitive data"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-200404-06 (Util-linux login may leak sensitive data) In some situations the login program could leak sensitive data due to an incorrect usage of a reallocated pointer. NOTE: Only users who have PAM support disabled on their systems (i.e. -PAM in their USE variable) will be affected by this vulnerability. By default, this USE flag is enabled on all architectures. Users with PAM support on their system receive login binaries as part of the pam-login package, which remains unaffected. Impact : A remote attacker may obtain sensitive data. Workaround : A workaround is not currently known for this issue. All users are advised to upgrade to the latest version of the affected package." ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/200404-06" ); script_set_attribute( attribute:"solution", value: "All util-linux users should upgrade to version 2.12 or later: # emerge sync # emerge -pv '>=sys-apps/util-linux-2.12' # emerge '>=sys-apps/util-linux-2.12'" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:util-linux"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2004/04/07"); script_set_attribute(attribute:"plugin_publication_date", value:"2004/08/30"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"sys-apps/util-linux", unaffected:make_list("ge 2.12"), vulnerable:make_list("le 2.11"))) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get()); else security_warning(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "sys-apps/util-linux"); }
Redhat
| advisories |
|
References
- ftp://patches.sgi.com/support/free/security/advisories/20040201-01-U.asc
- ftp://patches.sgi.com/support/free/security/advisories/20040201-01-U.asc
- ftp://patches.sgi.com/support/free/security/advisories/20040406-01-U
- ftp://patches.sgi.com/support/free/security/advisories/20040406-01-U
- http://marc.info/?l=bugtraq&m=108077689801698&w=2
- http://marc.info/?l=bugtraq&m=108077689801698&w=2
- http://marc.info/?l=bugtraq&m=108144719532385&w=2
- http://marc.info/?l=bugtraq&m=108144719532385&w=2
- http://secunia.com/advisories/10773
- http://secunia.com/advisories/10773
- http://security.gentoo.org/glsa/glsa-200404-06.xml
- http://security.gentoo.org/glsa/glsa-200404-06.xml
- http://www.kb.cert.org/vuls/id/801526
- http://www.kb.cert.org/vuls/id/801526
- http://www.osvdb.org/3796
- http://www.osvdb.org/3796
- http://www.redhat.com/support/errata/RHSA-2004-056.html
- http://www.redhat.com/support/errata/RHSA-2004-056.html
- http://www.securityfocus.com/bid/9558
- http://www.securityfocus.com/bid/9558
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15016
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15016