Vulnerabilities > CVE-2007-5191 - Unchecked Return Value vulnerability in multiple products
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
mount and umount in util-linux and loop-aes-utils call the setuid and setgid functions in the wrong order and do not check the return values, which might allow attackers to gain privileges via helpers such as mount.nfs.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2007-0969.NASL description From Red Hat Security Advisory 2007:0969 : Updated util-linux packages that fix a security issue are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The util-linux package contains a large variety of low-level system utilities that are necessary for a Linux system to function. A flaw was discovered in the way that the mount and umount utilities used the setuid and setgid functions, which could lead to privileges being dropped improperly. A local user could use this flaw to run mount helper applications such as, mount.nfs, with additional privileges (CVE-2007-5191). Users are advised to update to these erratum packages which contain a backported patch to correct this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 67589 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/67589 title Oracle Linux 3 / 4 : util-linux (ELSA-2007-0969) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2007:0969 and # Oracle Linux Security Advisory ELSA-2007-0969 respectively. # include("compat.inc"); if (description) { script_id(67589); script_version("1.7"); script_cvs_date("Date: 2019/10/25 13:36:07"); script_cve_id("CVE-2007-5191"); script_xref(name:"RHSA", value:"2007:0969"); script_name(english:"Oracle Linux 3 / 4 : util-linux (ELSA-2007-0969)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Oracle Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "From Red Hat Security Advisory 2007:0969 : Updated util-linux packages that fix a security issue are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The util-linux package contains a large variety of low-level system utilities that are necessary for a Linux system to function. A flaw was discovered in the way that the mount and umount utilities used the setuid and setgid functions, which could lead to privileges being dropped improperly. A local user could use this flaw to run mount helper applications such as, mount.nfs, with additional privileges (CVE-2007-5191). Users are advised to update to these erratum packages which contain a backported patch to correct this issue." ); script_set_attribute( attribute:"see_also", value:"https://oss.oracle.com/pipermail/el-errata/2007-December/000424.html" ); script_set_attribute( attribute:"see_also", value:"https://oss.oracle.com/pipermail/el-errata/2007-November/000396.html" ); script_set_attribute( attribute:"solution", value:"Update the affected util-linux packages." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C"); script_cwe_id(264); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:losetup"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:mount"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:util-linux"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:3"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:4"); script_set_attribute(attribute:"vuln_publication_date", value:"2007/10/04"); script_set_attribute(attribute:"patch_publication_date", value:"2007/12/04"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Oracle Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux"); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux"); os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux"); os_ver = os_ver[1]; if (! preg(pattern:"^(3|4)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 3 / 4", "Oracle Linux " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu); flag = 0; if (rpm_check(release:"EL3", cpu:"i386", reference:"losetup-2.11y-31.24")) flag++; if (rpm_check(release:"EL3", cpu:"x86_64", reference:"losetup-2.11y-31.24")) flag++; if (rpm_check(release:"EL3", cpu:"i386", reference:"mount-2.11y-31.24")) flag++; if (rpm_check(release:"EL3", cpu:"x86_64", reference:"mount-2.11y-31.24")) flag++; if (rpm_check(release:"EL3", cpu:"i386", reference:"util-linux-2.11y-31.24")) flag++; if (rpm_check(release:"EL3", cpu:"x86_64", reference:"util-linux-2.11y-31.24")) flag++; if (rpm_check(release:"EL4", cpu:"x86_64", reference:"util-linux-2.12a-17.el4_6.1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "losetup / mount / util-linux"); }
NASL family Fedora Local Security Checks NASL id FEDORA_2007-2462.NASL description - Mon Oct 8 2007 Karel Zak <kzak at redhat.com> 2.13-0.54.1 - fix #320131 - CVE-2007-5191 util-linux (u)mount doesn last seen 2020-06-01 modified 2020-06-02 plugin id 27773 published 2007-11-06 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/27773 title Fedora 7 : util-linux-2.13-0.54.1.fc7 (2007-2462) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2007-2462. # include("compat.inc"); if (description) { script_id(27773); script_version ("1.13"); script_cvs_date("Date: 2019/08/02 13:32:25"); script_cve_id("CVE-2007-5191"); script_xref(name:"FEDORA", value:"2007-2462"); script_name(english:"Fedora 7 : util-linux-2.13-0.54.1.fc7 (2007-2462)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: " - Mon Oct 8 2007 Karel Zak <kzak at redhat.com> 2.13-0.54.1 - fix #320131 - CVE-2007-5191 util-linux (u)mount doesn't drop privileges properly when calling helpers [F7] - Wed Aug 8 2007 Karel Zak <kzak at redhat.com> 2.13-0.54 - backport mount relatime patch - Thu Aug 2 2007 Karel Zak <kzak at redhat.com> 2.13-0.53 - fix #236848 - mount/fstab.c:lock_mtab() should open with proper permissions - fix #238918 - blockdev --getsize does not work properly on devices with more than 2^31 sectors - Mon Jul 9 2007 Karel Zak <kzak at redhat.com> 2.13-0.52 - fix #245578 - login's PAM configuration inits the keyring at an inconvenient time - fix #231532 - 'pamconsole' not documented in mount(8) - fix #243930 - translation files exist, but are not being used - fix #228731 - sfdisk doesn't support DM-MP device (add default heads and sectors) - fix #231192 - ipcs is not printing correct values on pLinux - fix #245912 - mount doesn't write the 'loop=...' option in /etc/mtab when mounting a loop device - fix #213253 - 'cal -3' generates improperly formatted output Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=320041" ); # https://lists.fedoraproject.org/pipermail/package-announce/2007-October/004114.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?1430300c" ); script_set_attribute( attribute:"solution", value:"Update the affected util-linux and / or util-linux-debuginfo packages." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C"); script_cwe_id(264); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:util-linux"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:util-linux-debuginfo"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:7"); script_set_attribute(attribute:"patch_publication_date", value:"2007/10/10"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/11/06"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 7.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC7", reference:"util-linux-2.13-0.54.1.fc7")) flag++; if (rpm_check(release:"FC7", reference:"util-linux-debuginfo-2.13-0.54.1.fc7")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "util-linux / util-linux-debuginfo"); }
NASL family Fedora Local Security Checks NASL id FEDORA_2007-722.NASL description - Mon Oct 8 2007 Karel Zak <kzak at redhat.com> 2.13-0.49 - fix #320141 - CVE-2007-5191 util-linux (u)mount doesn last seen 2020-06-01 modified 2020-06-02 plugin id 27059 published 2007-10-16 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/27059 title Fedora Core 6 : util-linux-2.13-0.49.fc6 (2007-722) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2007-722. # include("compat.inc"); if (description) { script_id(27059); script_version ("1.14"); script_cvs_date("Date: 2019/08/02 13:32:26"); script_xref(name:"FEDORA", value:"2007-722"); script_name(english:"Fedora Core 6 : util-linux-2.13-0.49.fc6 (2007-722)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora Core host is missing a security update." ); script_set_attribute( attribute:"description", value: " - Mon Oct 8 2007 Karel Zak <kzak at redhat.com> 2.13-0.49 - fix #320141 - CVE-2007-5191 util-linux (u)mount doesn't drop privileges properly when calling helpers [FC6] Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); # https://lists.fedoraproject.org/pipermail/package-announce/2007-October/004186.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?4e279a29" ); script_set_attribute( attribute:"solution", value:"Update the affected util-linux and / or util-linux-debuginfo packages." ); script_set_attribute(attribute:"risk_factor", value:"High"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:util-linux"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:util-linux-debuginfo"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora_core:6"); script_set_attribute(attribute:"patch_publication_date", value:"2007/10/15"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/10/16"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 6.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC6", reference:"util-linux-2.13-0.49.fc6")) flag++; if (rpm_check(release:"FC6", reference:"util-linux-debuginfo-2.13-0.49.fc6")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "util-linux / util-linux-debuginfo"); }
NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2007-0969.NASL description Updated util-linux packages that fix a security issue are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The util-linux package contains a large variety of low-level system utilities that are necessary for a Linux system to function. A flaw was discovered in the way that the mount and umount utilities used the setuid and setgid functions, which could lead to privileges being dropped improperly. A local user could use this flaw to run mount helper applications such as, mount.nfs, with additional privileges (CVE-2007-5191). Users are advised to update to these erratum packages which contain a backported patch to correct this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 28242 published 2007-11-16 reporter This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/28242 title RHEL 3 / 4 / 5 : util-linux (RHSA-2007:0969) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2007:0969. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(28242); script_version ("1.24"); script_cvs_date("Date: 2019/10/25 13:36:12"); script_cve_id("CVE-2007-5191"); script_xref(name:"RHSA", value:"2007:0969"); script_name(english:"RHEL 3 / 4 / 5 : util-linux (RHSA-2007:0969)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated util-linux packages that fix a security issue are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The util-linux package contains a large variety of low-level system utilities that are necessary for a Linux system to function. A flaw was discovered in the way that the mount and umount utilities used the setuid and setgid functions, which could lead to privileges being dropped improperly. A local user could use this flaw to run mount helper applications such as, mount.nfs, with additional privileges (CVE-2007-5191). Users are advised to update to these erratum packages which contain a backported patch to correct this issue." ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2007-5191" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2007:0969" ); script_set_attribute( attribute:"solution", value:"Update the affected losetup, mount and / or util-linux packages." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C"); script_cwe_id(264); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:losetup"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mount"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:util-linux"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:3"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4.6"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5.1"); script_set_attribute(attribute:"vuln_publication_date", value:"2007/10/04"); script_set_attribute(attribute:"patch_publication_date", value:"2007/11/15"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/11/16"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^(3|4|5)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 3.x / 4.x / 5.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2007:0969"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL3", reference:"losetup-2.11y-31.24")) flag++; if (rpm_check(release:"RHEL3", reference:"mount-2.11y-31.24")) flag++; if (rpm_check(release:"RHEL3", reference:"util-linux-2.11y-31.24")) flag++; if (rpm_check(release:"RHEL4", reference:"util-linux-2.12a-17.el4_6.1")) flag++; if (rpm_check(release:"RHEL5", cpu:"i386", reference:"util-linux-2.13-0.45.el5_1.1")) flag++; if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"util-linux-2.13-0.45.el5_1.1")) flag++; if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"util-linux-2.13-0.45.el5_1.1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "losetup / mount / util-linux"); } }
NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1449.NASL description It was discovered that loop-aes-utils, tools for mounting and manipulating filesystems, didn last seen 2020-06-01 modified 2020-06-02 plugin id 29858 published 2008-01-07 reporter This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/29858 title Debian DSA-1449-1 : loop-aes-utils - programming error code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-1449. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(29858); script_version("1.17"); script_cvs_date("Date: 2019/08/02 13:32:21"); script_cve_id("CVE-2007-5191"); script_xref(name:"DSA", value:"1449"); script_name(english:"Debian DSA-1449-1 : loop-aes-utils - programming error"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "It was discovered that loop-aes-utils, tools for mounting and manipulating filesystems, didn't drop privileged user and group permissions in the correct order in the mount and umount commands. This could potentially allow a local user to gain additional privileges." ); script_set_attribute( attribute:"see_also", value:"https://www.debian.org/security/2008/dsa-1449" ); script_set_attribute( attribute:"solution", value: "Upgrade the loop-aes-utils package. For the old stable distribution (sarge), this problem has been fixed in version 2.12p-4sarge2. For the stable distribution (etch), this problem has been fixed in version 2.12r-15+etch1." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C"); script_cwe_id(264); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:loop-aes-utils"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.1"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:4.0"); script_set_attribute(attribute:"patch_publication_date", value:"2008/01/05"); script_set_attribute(attribute:"plugin_publication_date", value:"2008/01/07"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"3.1", prefix:"loop-aes-utils", reference:"2.12p-4sarge2")) flag++; if (deb_check(release:"4.0", prefix:"loop-aes-utils", reference:"2.12r-15+etch1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200710-18.NASL description The remote host is affected by the vulnerability described in GLSA-200710-18 (util-linux: Local privilege escalation) Ludwig Nussel discovered that the check_special_mountprog() and check_special_umountprog() functions call setuid() and setgid() in the wrong order and do not check the return values, which can lead to privileges being dropped improperly. Impact : A local attacker may be able to exploit this vulnerability by using mount helpers such as the mount.nfs program to gain root privileges and run arbitrary commands. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 27516 published 2007-10-19 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/27516 title GLSA-200710-18 : util-linux: Local privilege escalation code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 200710-18. # # The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(27516); script_version("1.14"); script_cvs_date("Date: 2019/08/02 13:32:44"); script_cve_id("CVE-2007-5191"); script_xref(name:"GLSA", value:"200710-18"); script_name(english:"GLSA-200710-18 : util-linux: Local privilege escalation"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-200710-18 (util-linux: Local privilege escalation) Ludwig Nussel discovered that the check_special_mountprog() and check_special_umountprog() functions call setuid() and setgid() in the wrong order and do not check the return values, which can lead to privileges being dropped improperly. Impact : A local attacker may be able to exploit this vulnerability by using mount helpers such as the mount.nfs program to gain root privileges and run arbitrary commands. Workaround : There is no known workaround at this time." ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/200710-18" ); script_set_attribute( attribute:"solution", value: "All util-linux users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=sys-apps/util-linux-2.12r-r8'" ); script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C"); script_cwe_id(264); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:util-linux"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2007/10/18"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/10/19"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"sys-apps/util-linux", unaffected:make_list("ge 2.12r-r8"), vulnerable:make_list("lt 2.12r-r8"))) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get()); else security_warning(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "util-linux"); }
NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2007-198.NASL description The mount and umount programs in util-linux called the setuid() and setgid() functions in the wrong order and did not check the return values, which could allow attackers to grain privileges via helper applications such as mount.nfs. Updated packages have been patched to fix this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 27071 published 2007-10-17 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/27071 title Mandrake Linux Security Advisory : util-linux (MDKSA-2007:198) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Mandrake Linux Security Advisory MDKSA-2007:198. # The text itself is copyright (C) Mandriva S.A. # include("compat.inc"); if (description) { script_id(27071); script_version ("1.14"); script_cvs_date("Date: 2019/08/02 13:32:49"); script_cve_id("CVE-2007-5191"); script_xref(name:"MDKSA", value:"2007:198"); script_name(english:"Mandrake Linux Security Advisory : util-linux (MDKSA-2007:198)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Mandrake Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "The mount and umount programs in util-linux called the setuid() and setgid() functions in the wrong order and did not check the return values, which could allow attackers to grain privileges via helper applications such as mount.nfs. Updated packages have been patched to fix this issue." ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C"); script_cwe_id(264); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:losetup"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mount"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:util-linux"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:util-linux-ng"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2007"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2007.1"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2008.0"); script_set_attribute(attribute:"patch_publication_date", value:"2007/10/15"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/10/17"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc."); script_family(english:"Mandriva Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux"); if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu); flag = 0; if (rpm_check(release:"MDK2007.0", reference:"losetup-2.12r-8.3mdv2007.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.0", reference:"mount-2.12r-8.3mdv2007.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.0", reference:"util-linux-2.12r-8.3mdv2007.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.1", reference:"losetup-2.12r-12.2mdv2007.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.1", reference:"mount-2.12r-12.2mdv2007.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2007.1", reference:"util-linux-2.12r-12.2mdv2007.1", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", reference:"util-linux-ng-2.13-3.1mdv2008.0", yank:"mdv")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-533-1.NASL description Ludwig Nussel discovered that mount and umount did not properly drop privileges when using helper programs. Local attackers may be able to bypass security restrictions and gain root privileges using programs such as mount.nfs or mount.cifs. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 28139 published 2007-11-10 reporter Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/28139 title Ubuntu 6.06 LTS / 6.10 / 7.04 : util-linux vulnerability (USN-533-1) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-533-1. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(28139); script_version("1.14"); script_cvs_date("Date: 2019/08/02 13:33:01"); script_cve_id("CVE-2007-5191"); script_xref(name:"USN", value:"533-1"); script_name(english:"Ubuntu 6.06 LTS / 6.10 / 7.04 : util-linux vulnerability (USN-533-1)"); script_summary(english:"Checks dpkg output for updated packages."); script_set_attribute( attribute:"synopsis", value: "The remote Ubuntu host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "Ludwig Nussel discovered that mount and umount did not properly drop privileges when using helper programs. Local attackers may be able to bypass security restrictions and gain root privileges using programs such as mount.nfs or mount.cifs. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://usn.ubuntu.com/533-1/" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C"); script_cwe_id(264); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:bsdutils"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:mount"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:util-linux"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:util-linux-locales"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:6.06:-:lts"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:6.10"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:7.04"); script_set_attribute(attribute:"patch_publication_date", value:"2007/10/22"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/11/10"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("misc_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! ereg(pattern:"^(6\.06|6\.10|7\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 6.06 / 6.10 / 7.04", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); flag = 0; if (ubuntu_check(osver:"6.06", pkgname:"bsdutils", pkgver:"2.12r-4ubuntu6.1")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"mount", pkgver:"2.12r-4ubuntu6.1")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"util-linux", pkgver:"2.12r-4ubuntu6.1")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"util-linux-locales", pkgver:"2.12r-4ubuntu6.1")) flag++; if (ubuntu_check(osver:"6.10", pkgname:"bsdutils", pkgver:"2.12r-11ubuntu2.1")) flag++; if (ubuntu_check(osver:"6.10", pkgname:"mount", pkgver:"2.12r-11ubuntu2.1")) flag++; if (ubuntu_check(osver:"6.10", pkgname:"util-linux", pkgver:"2.12r-11ubuntu2.1")) flag++; if (ubuntu_check(osver:"6.10", pkgname:"util-linux-locales", pkgver:"2.12r-11ubuntu2.1")) flag++; if (ubuntu_check(osver:"7.04", pkgname:"bsdutils", pkgver:"2.12r-17ubuntu2.1")) flag++; if (ubuntu_check(osver:"7.04", pkgname:"mount", pkgver:"2.12r-17ubuntu2.1")) flag++; if (ubuntu_check(osver:"7.04", pkgname:"util-linux", pkgver:"2.12r-17ubuntu2.1")) flag++; if (ubuntu_check(osver:"7.04", pkgname:"util-linux-locales", pkgver:"2.12r-17ubuntu2.1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "bsdutils / mount / util-linux / util-linux-locales"); }
NASL family Scientific Linux Local Security Checks NASL id SL_20071115_UTIL_LINUX_ON_SL5_X.NASL description A flaw was discovered in the way that the mount and umount utilities used the setuid and setgid functions, which could lead to privileges being dropped improperly. A local user could use this flaw to run mount helper applications such as, mount.nfs, with additional privileges (CVE-2007-5191) last seen 2020-06-01 modified 2020-06-02 plugin id 60311 published 2012-08-01 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/60311 title Scientific Linux Security Update : util-linux on SL5.x, SL4.x, SL3.x i386/x86_64 code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text is (C) Scientific Linux. # include("compat.inc"); if (description) { script_id(60311); script_version("1.4"); script_cvs_date("Date: 2019/10/25 13:36:17"); script_cve_id("CVE-2007-5191"); script_name(english:"Scientific Linux Security Update : util-linux on SL5.x, SL4.x, SL3.x i386/x86_64"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Scientific Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "A flaw was discovered in the way that the mount and umount utilities used the setuid and setgid functions, which could lead to privileges being dropped improperly. A local user could use this flaw to run mount helper applications such as, mount.nfs, with additional privileges (CVE-2007-5191)" ); # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0711&L=scientific-linux-errata&T=0&P=3126 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?34adae88" ); script_set_attribute( attribute:"solution", value:"Update the affected losetup, mount and / or util-linux packages." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C"); script_cwe_id(264); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux"); script_set_attribute(attribute:"patch_publication_date", value:"2007/11/15"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/01"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Scientific Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux"); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu); flag = 0; if (rpm_check(release:"SL3", reference:"losetup-2.11y-31.24")) flag++; if (rpm_check(release:"SL3", reference:"mount-2.11y-31.24")) flag++; if (rpm_check(release:"SL3", reference:"util-linux-2.11y-31.24")) flag++; if (rpm_check(release:"SL4", reference:"util-linux-2.12a-17.1")) flag++; if (rpm_check(release:"SL5", reference:"util-linux-2.13-0.45.el5.1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1450.NASL description It was discovered that util-linux, miscellaneous system utilities, didn last seen 2020-06-01 modified 2020-06-02 plugin id 29859 published 2008-01-07 reporter This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/29859 title Debian DSA-1450-1 : util-linux - programming error code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-1450. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(29859); script_version("1.17"); script_cvs_date("Date: 2019/08/02 13:32:21"); script_cve_id("CVE-2007-5191"); script_xref(name:"DSA", value:"1450"); script_name(english:"Debian DSA-1450-1 : util-linux - programming error"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "It was discovered that util-linux, miscellaneous system utilities, didn't drop privileged user and group permissions in the correct order in the mount and umount commands. This could potentially allow a local user to gain additional privileges." ); script_set_attribute( attribute:"see_also", value:"https://www.debian.org/security/2008/dsa-1450" ); script_set_attribute( attribute:"solution", value: "Upgrade the util-linux package. For the old stable distribution (sarge), this problem has been fixed in version 2.12p-4sarge2. For the stable distribution (etch), this problem has been fixed in version 2.12r-19etch1." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C"); script_cwe_id(264); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:util-linux"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.1"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:4.0"); script_set_attribute(attribute:"patch_publication_date", value:"2008/01/05"); script_set_attribute(attribute:"plugin_publication_date", value:"2008/01/07"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"3.1", prefix:"bsdutils", reference:"2.12p-4sarge2")) flag++; if (deb_check(release:"3.1", prefix:"mount", reference:"2.12p-4sarge2")) flag++; if (deb_check(release:"3.1", prefix:"util-linux", reference:"2.12p-4sarge2")) flag++; if (deb_check(release:"3.1", prefix:"util-linux-locales", reference:"2.12p-4sarge2")) flag++; if (deb_check(release:"4.0", prefix:"bsdutils", reference:"2.12r-19etch1")) flag++; if (deb_check(release:"4.0", prefix:"mount", reference:"2.12r-19etch1")) flag++; if (deb_check(release:"4.0", prefix:"util-linux", reference:"2.12r-19etch1")) flag++; if (deb_check(release:"4.0", prefix:"util-linux-locales", reference:"2.12r-19etch1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family VMware ESX Local Security Checks NASL id VMWARE_VMSA-2008-0001.NASL description I Service Console package security updates a. OpenPegasus PAM Authentication Buffer Overflow Alexander Sotirov from VMware Security Research discovered a buffer overflow vulnerability in the OpenPegasus Management server. This flaw could be exploited by a malicious remote user on the service console network to gain root access to the service console. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2007-5360 to this issue. b. Updated Samba package An issue where attackers on the service console management network can cause a stack-based buffer overflow in the reply_netbios_packet function of nmbd in Samba. On systems where Samba is being used as a WINS server, exploiting this vulnerability can allow remote attackers to execute arbitrary code via crafted WINS Name Registration requests followed by a WINS Name Query request. An issue where attackers on the service console management network can exploit a vulnerability that occurs when Samba is configured as a Primary or Backup Domain controller. The vulnerability allows remote attackers to have an unknown impact via crafted GETDC mailslot requests, related to handling of GETDC logon server requests. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2007-5398 and CVE-2007-4572 to these issues. Note: By default Samba is not configured as a WINS server or a domain controller and ESX is not vulnerable unless the administrator has changed the default configuration. This vulnerability can be exploited remotely only if the attacker has access to the service console network. Security best practices provided by VMware recommend that the service console be isolated from the VM network. Please see http://www.vmware.com/resources/techresources/726 for more information on VMware security best practices. c. Updated util-linux package The patch addresses an issue where the mount and umount utilities in util-linux call the setuid and setgid functions in the wrong order and do not check the return values, which could allow attackers to gain elevated privileges via helper application such as mount.nfs. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2007-5191 to this issue. d. Updated Perl package The update addresses an issue where the regular expression engine in Perl can be used to issue a specially crafted regular expression that allows the attacker to run arbitrary code with the permissions level of the current Perl user. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2007-5116 to this issue. e. Updated OpenSSL package A flaw in the SSL_get_shared_ciphers() function could allow an attacker to cause a buffer overflow problem by sending ciphers to applications that use the function. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2007-3108, and CVE-2007-5135 to these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 40372 published 2009-07-27 reporter This script is Copyright (C) 2009-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/40372 title VMSA-2008-0001 : Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from VMware Security Advisory 2008-0001. # The text itself is copyright (C) VMware Inc. # include("compat.inc"); if (description) { script_id(40372); script_version("1.29"); script_cvs_date("Date: 2018/08/06 14:03:16"); script_cve_id("CVE-2007-3108", "CVE-2007-4572", "CVE-2007-5116", "CVE-2007-5135", "CVE-2007-5191", "CVE-2007-5360", "CVE-2007-5398"); script_bugtraq_id(21663, 25163, 25831, 26350, 26454, 26455, 26701, 27497, 27686, 29003, 29076, 29404); script_xref(name:"VMSA", value:"2008-0001"); script_name(english:"VMSA-2008-0001 : Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages"); script_summary(english:"Checks esxupdate output for the patches"); script_set_attribute( attribute:"synopsis", value: "The remote VMware ESX host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "I Service Console package security updates a. OpenPegasus PAM Authentication Buffer Overflow Alexander Sotirov from VMware Security Research discovered a buffer overflow vulnerability in the OpenPegasus Management server. This flaw could be exploited by a malicious remote user on the service console network to gain root access to the service console. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2007-5360 to this issue. b. Updated Samba package An issue where attackers on the service console management network can cause a stack-based buffer overflow in the reply_netbios_packet function of nmbd in Samba. On systems where Samba is being used as a WINS server, exploiting this vulnerability can allow remote attackers to execute arbitrary code via crafted WINS Name Registration requests followed by a WINS Name Query request. An issue where attackers on the service console management network can exploit a vulnerability that occurs when Samba is configured as a Primary or Backup Domain controller. The vulnerability allows remote attackers to have an unknown impact via crafted GETDC mailslot requests, related to handling of GETDC logon server requests. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2007-5398 and CVE-2007-4572 to these issues. Note: By default Samba is not configured as a WINS server or a domain controller and ESX is not vulnerable unless the administrator has changed the default configuration. This vulnerability can be exploited remotely only if the attacker has access to the service console network. Security best practices provided by VMware recommend that the service console be isolated from the VM network. Please see http://www.vmware.com/resources/techresources/726 for more information on VMware security best practices. c. Updated util-linux package The patch addresses an issue where the mount and umount utilities in util-linux call the setuid and setgid functions in the wrong order and do not check the return values, which could allow attackers to gain elevated privileges via helper application such as mount.nfs. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2007-5191 to this issue. d. Updated Perl package The update addresses an issue where the regular expression engine in Perl can be used to issue a specially crafted regular expression that allows the attacker to run arbitrary code with the permissions level of the current Perl user. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2007-5116 to this issue. e. Updated OpenSSL package A flaw in the SSL_get_shared_ciphers() function could allow an attacker to cause a buffer overflow problem by sending ciphers to applications that use the function. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2007-3108, and CVE-2007-5135 to these issues." ); script_set_attribute( attribute:"see_also", value:"http://lists.vmware.com/pipermail/security-announce/2008/000004.html" ); script_set_attribute(attribute:"solution", value:"Apply the missing patches."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'D2ExploitPack'); script_cwe_id(119, 189, 264); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esx:2.5.5"); script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esx:3.0.1"); script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esx:3.0.2"); script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esx:3.5"); script_set_attribute(attribute:"patch_publication_date", value:"2008/01/07"); script_set_attribute(attribute:"plugin_publication_date", value:"2009/07/27"); script_set_attribute(attribute:"vuln_publication_date", value:"2006/09/28"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc."); script_family(english:"VMware ESX Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/VMware/release", "Host/VMware/version"); script_require_ports("Host/VMware/esxupdate", "Host/VMware/esxcli_software_vibs"); exit(0); } include("audit.inc"); include("vmware_esx_packages.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/VMware/release")) audit(AUDIT_OS_NOT, "VMware ESX / ESXi"); if ( !get_kb_item("Host/VMware/esxcli_software_vibs") && !get_kb_item("Host/VMware/esxupdate") ) audit(AUDIT_PACKAGE_LIST_MISSING); init_esx_check(date:"2008-01-07"); flag = 0; if (esx_check(ver:"ESX 2.5.5", patch:"14")) flag++; if (esx_check(ver:"ESX 2.5.5", patch:"3")) flag++; if (esx_check(ver:"ESX 3.0.1", patch:"ESX-1002962")) flag++; if (esx_check(ver:"ESX 3.0.1", patch:"ESX-1002963")) flag++; if (esx_check(ver:"ESX 3.0.1", patch:"ESX-1002964")) flag++; if (esx_check(ver:"ESX 3.0.1", patch:"ESX-1002968")) flag++; if (esx_check(ver:"ESX 3.0.1", patch:"ESX-1002972")) flag++; if (esx_check(ver:"ESX 3.0.1", patch:"ESX-1003176")) flag++; if (esx_check(ver:"ESX 3.0.2", patch:"ESX-1002969")) flag++; if (esx_check(ver:"ESX 3.0.2", patch:"ESX-1002970")) flag++; if (esx_check(ver:"ESX 3.0.2", patch:"ESX-1002971")) flag++; if (esx_check(ver:"ESX 3.0.2", patch:"ESX-1002975")) flag++; if (esx_check(ver:"ESX 3.0.2", patch:"ESX-1002976")) flag++; if ( esx_check( ver : "ESX 3.5.0", patch : "ESX350-200712402-SG", patch_updates : make_list("ESX350-201008410-SG", "ESX350-201012408-SG", "ESX350-Update05a") ) ) flag++; if ( esx_check( ver : "ESX 3.5.0", patch : "ESX350-200712403-SG", patch_updates : make_list("ESX350-Update05a") ) ) flag++; if ( esx_check( ver : "ESX 3.5.0", patch : "ESX350-200712404-SG", patch_updates : make_list("ESX350-201008412-SG", "ESX350-Update05a") ) ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:esx_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2007-0969.NASL description Updated util-linux packages that fix a security issue are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The util-linux package contains a large variety of low-level system utilities that are necessary for a Linux system to function. A flaw was discovered in the way that the mount and umount utilities used the setuid and setgid functions, which could lead to privileges being dropped improperly. A local user could use this flaw to run mount helper applications such as, mount.nfs, with additional privileges (CVE-2007-5191). Users are advised to update to these erratum packages which contain a backported patch to correct this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 36400 published 2009-04-23 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/36400 title CentOS 3 / 4 : util-linux (CESA-2007:0969) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2007:0969 and # CentOS Errata and Security Advisory 2007:0969 respectively. # include("compat.inc"); if (description) { script_id(36400); script_version("1.12"); script_cvs_date("Date: 2019/10/25 13:36:03"); script_cve_id("CVE-2007-5191"); script_xref(name:"RHSA", value:"2007:0969"); script_name(english:"CentOS 3 / 4 : util-linux (CESA-2007:0969)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote CentOS host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated util-linux packages that fix a security issue are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The util-linux package contains a large variety of low-level system utilities that are necessary for a Linux system to function. A flaw was discovered in the way that the mount and umount utilities used the setuid and setgid functions, which could lead to privileges being dropped improperly. A local user could use this flaw to run mount helper applications such as, mount.nfs, with additional privileges (CVE-2007-5191). Users are advised to update to these erratum packages which contain a backported patch to correct this issue." ); # https://lists.centos.org/pipermail/centos-announce/2007-November/014434.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?a5e7afbf" ); # https://lists.centos.org/pipermail/centos-announce/2007-November/014435.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?64290772" ); # https://lists.centos.org/pipermail/centos-announce/2007-November/014436.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?e7964e5a" ); # https://lists.centos.org/pipermail/centos-announce/2007-November/014445.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?72566657" ); script_set_attribute( attribute:"solution", value:"Update the affected util-linux packages." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C"); script_cwe_id(264); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:losetup"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:mount"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:util-linux"); script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:3"); script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:4"); script_set_attribute(attribute:"vuln_publication_date", value:"2007/10/04"); script_set_attribute(attribute:"patch_publication_date", value:"2007/11/16"); script_set_attribute(attribute:"plugin_publication_date", value:"2009/04/23"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"CentOS Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/CentOS/release"); if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS"); os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS"); os_ver = os_ver[1]; if (! preg(pattern:"^(3|4)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 3.x / 4.x", "CentOS " + os_ver); if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu); flag = 0; if (rpm_check(release:"CentOS-3", reference:"losetup-2.11y-31.24")) flag++; if (rpm_check(release:"CentOS-3", reference:"mount-2.11y-31.24")) flag++; if (rpm_check(release:"CentOS-3", reference:"util-linux-2.11y-31.24")) flag++; if (rpm_check(release:"CentOS-4", cpu:"ia64", reference:"util-linux-2.12a-17.c4.1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "losetup / mount / util-linux"); }
NASL family SuSE Local Security Checks NASL id SUSE_UTIL-LINUX-4552.NASL description Insufficient length checks when reading the passphrase for encrypted paritions in the mount program could cause a buffer overflow that could potentially be exploited to gain root privileges. When executing helper program last seen 2020-06-01 modified 2020-06-02 plugin id 27514 published 2007-10-18 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/27514 title openSUSE 10 Security Update : util-linux (util-linux-4552) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update util-linux-4552. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(27514); script_version ("1.11"); script_cvs_date("Date: 2019/10/25 13:36:30"); script_cve_id("CVE-2007-5191"); script_name(english:"openSUSE 10 Security Update : util-linux (util-linux-4552)"); script_summary(english:"Check for the util-linux-4552 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "Insufficient length checks when reading the passphrase for encrypted paritions in the mount program could cause a buffer overflow that could potentially be exploited to gain root privileges. When executing helper program 'mount' didn't check the return value of setuid(). Therefore helper program could potenially run as root (CVE-2007-5191)." ); script_set_attribute( attribute:"solution", value:"Update the affected util-linux package." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C"); script_cwe_id(264); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:util-linux"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.3"); script_set_attribute(attribute:"patch_publication_date", value:"2007/10/12"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/10/18"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE10\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "10.3", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE10.3", reference:"util-linux-2.12r+2.13rc2+git20070725-24.2") ) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "util-linux"); }
Oval
accepted | 2013-04-29T04:01:38.804-04:00 | ||||||||||||||||||||||||||||||||
class | vulnerability | ||||||||||||||||||||||||||||||||
contributors |
| ||||||||||||||||||||||||||||||||
definition_extensions |
| ||||||||||||||||||||||||||||||||
description | mount and umount in util-linux and loop-aes-utils call the setuid and setgid functions in the wrong order and do not check the return values, which might allow attackers to gain privileges via helpers such as mount.nfs. | ||||||||||||||||||||||||||||||||
family | unix | ||||||||||||||||||||||||||||||||
id | oval:org.mitre.oval:def:10101 | ||||||||||||||||||||||||||||||||
status | accepted | ||||||||||||||||||||||||||||||||
submitted | 2010-07-09T03:56:16-04:00 | ||||||||||||||||||||||||||||||||
title | mount and umount in util-linux and loop-aes-utils call the setuid and setgid functions in the wrong order and do not check the return values, which might allow attackers to gain privileges via helpers such as mount.nfs. | ||||||||||||||||||||||||||||||||
version | 27 |
Redhat
advisories |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||
rpms |
|
Statements
contributor | Mark J Cox |
lastmodified | 2009-06-01 |
organization | Red Hat |
statement | Updates are available to address this issue: https://rhn.redhat.com/errata/RHSA-2007-0969.html |
References
- https://issues.rpath.com/browse/RPL-1757
- https://bugzilla.redhat.com/show_bug.cgi?id=320041
- http://bugs.gentoo.org/show_bug.cgi?id=195390
- https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00144.html
- http://security.gentoo.org/glsa/glsa-200710-18.xml
- http://frontal2.mandriva.com/en/security/advisories?name=MDKSA-2007:198
- http://www.redhat.com/support/errata/RHSA-2007-0969.html
- http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00008.html
- http://www.ubuntu.com/usn/usn-533-1
- http://www.securityfocus.com/bid/25973
- http://www.securitytracker.com/id?1018782
- http://secunia.com/advisories/27104
- http://secunia.com/advisories/27145
- http://secunia.com/advisories/27188
- http://secunia.com/advisories/27122
- http://secunia.com/advisories/27283
- http://secunia.com/advisories/27354
- http://secunia.com/advisories/27687
- http://secunia.com/advisories/27399
- http://www.debian.org/security/2008/dsa-1449
- http://www.debian.org/security/2008/dsa-1450
- http://secunia.com/advisories/28348
- http://secunia.com/advisories/28349
- http://lists.vmware.com/pipermail/security-announce/2008/000002.html
- http://secunia.com/advisories/28368
- http://support.avaya.com/elmodocs2/security/ASA-2008-023.htm
- http://secunia.com/advisories/28469
- http://www.vmware.com/security/advisories/VMSA-2008-0001.html
- http://www.vupen.com/english/advisories/2007/3417
- http://www.vupen.com/english/advisories/2008/0064
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10101
- http://www.securityfocus.com/archive/1/486859/100/0/threaded
- http://www.securityfocus.com/archive/1/485936/100/0/threaded
- http://git.kernel.org/?p=utils/util-linux-ng/util-linux-ng.git%3Ba=commit%3Bh=ebbeb2c7ac1b00b6083905957837a271e80b187e