Vulnerabilities > CVE-2011-1675 - Resource Management Errors vulnerability in Linux Util-Linux
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
mount in util-linux 2.19 and earlier attempts to append to the /etc/mtab.tmp file without first checking whether resource limits would interfere, which allows local users to trigger corruption of the /etc/mtab file via a process with a small RLIMIT_FSIZE value, a related issue to CVE-2011-1089.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2012-0307.NASL description From Red Hat Security Advisory 2012:0307 : An updated util-linux package that fixes multiple security issues, various bugs, and adds two enhancements is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The util-linux package contains a large variety of low-level system utilities that are necessary for a Linux system to function. Among others, util-linux contains the fdisk configuration tool and the login program. Multiple flaws were found in the way the mount and umount commands performed mtab (mounted file systems table) file updates. A local, unprivileged user allowed to mount or unmount file systems could use these flaws to corrupt the mtab file and create a stale lock file, preventing other users from mounting and unmounting file systems. (CVE-2011-1675, CVE-2011-1677) This update also fixes the following bugs : * When the user logged into a telnet server, the login utility did not update the utmp database properly if the utility was executed from the telnetd daemon. This was due to telnetd not creating an appropriate entry in a utmp file before executing login. With this update, correct entries are created and the database is updated properly. (BZ#646300) * Various options were not described on the blockdev(8) manual page. With this update, the blockdev(8) manual page includes all the relevant options. (BZ#650937) * Prior to this update, the build process of the util-linux package failed in the po directory with the following error message: last seen 2020-06-01 modified 2020-06-02 plugin id 68478 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/68478 title Oracle Linux 5 : util-linux (ELSA-2012-0307) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2012:0307 and # Oracle Linux Security Advisory ELSA-2012-0307 respectively. # include("compat.inc"); if (description) { script_id(68478); script_version("1.7"); script_cvs_date("Date: 2019/09/30 10:58:17"); script_cve_id("CVE-2011-1675", "CVE-2011-1677"); script_bugtraq_id(50941); script_xref(name:"RHSA", value:"2012:0307"); script_name(english:"Oracle Linux 5 : util-linux (ELSA-2012-0307)"); script_summary(english:"Checks rpm output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Oracle Linux host is missing a security update." ); script_set_attribute( attribute:"description", value: "From Red Hat Security Advisory 2012:0307 : An updated util-linux package that fixes multiple security issues, various bugs, and adds two enhancements is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The util-linux package contains a large variety of low-level system utilities that are necessary for a Linux system to function. Among others, util-linux contains the fdisk configuration tool and the login program. Multiple flaws were found in the way the mount and umount commands performed mtab (mounted file systems table) file updates. A local, unprivileged user allowed to mount or unmount file systems could use these flaws to corrupt the mtab file and create a stale lock file, preventing other users from mounting and unmounting file systems. (CVE-2011-1675, CVE-2011-1677) This update also fixes the following bugs : * When the user logged into a telnet server, the login utility did not update the utmp database properly if the utility was executed from the telnetd daemon. This was due to telnetd not creating an appropriate entry in a utmp file before executing login. With this update, correct entries are created and the database is updated properly. (BZ#646300) * Various options were not described on the blockdev(8) manual page. With this update, the blockdev(8) manual page includes all the relevant options. (BZ#650937) * Prior to this update, the build process of the util-linux package failed in the po directory with the following error message: '@MKINSTALLDIRS@: No such file or directory'. An upstream patch has been applied to address this issue, and the util-linux package now builds successfully. (BZ#677452) * Previously, the ipcs(1) and ipcrm(1) manual pages mentioned an invalid option, '-b'. With this update, only valid options are listed on those manual pages. (BZ#678407) * Previously, the mount(8) manual page contained incomplete information about the ext4 and XFS file systems. With this update, the mount(8) manual page contains the missing information. (BZ#699639) In addition, this update adds the following enhancements : * Previously, if DOS mode was enabled on a device, the fdisk utility could report error messages similar to the following : Partition 1 has different physical/logical beginnings (non-Linux?): phys=(0, 1, 1) logical=(0, 2, 7) This update enables users to switch off DOS compatible mode (by specifying the '-c' option), and such error messages are no longer displayed. (BZ#678430) * This update adds the 'fsfreeze' command which halts access to a file system on a disk. (BZ#726572) All users of util-linux are advised to upgrade to this updated package, which contains backported patches to correct these issues and add these enhancements." ); script_set_attribute( attribute:"see_also", value:"https://oss.oracle.com/pipermail/el-errata/2012-March/002658.html" ); script_set_attribute( attribute:"solution", value:"Update the affected util-linux package." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:util-linux"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:5"); script_set_attribute(attribute:"vuln_publication_date", value:"2011/04/09"); script_set_attribute(attribute:"patch_publication_date", value:"2012/03/07"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Oracle Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux"); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux"); os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux"); os_ver = os_ver[1]; if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 5", "Oracle Linux " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu); flag = 0; if (rpm_check(release:"EL5", reference:"util-linux-2.13-0.59.0.1.el5")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "util-linux"); }
NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2012-0307.NASL description An updated util-linux package that fixes multiple security issues, various bugs, and adds two enhancements is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The util-linux package contains a large variety of low-level system utilities that are necessary for a Linux system to function. Among others, util-linux contains the fdisk configuration tool and the login program. Multiple flaws were found in the way the mount and umount commands performed mtab (mounted file systems table) file updates. A local, unprivileged user allowed to mount or unmount file systems could use these flaws to corrupt the mtab file and create a stale lock file, preventing other users from mounting and unmounting file systems. (CVE-2011-1675, CVE-2011-1677) This update also fixes the following bugs : * When the user logged into a telnet server, the login utility did not update the utmp database properly if the utility was executed from the telnetd daemon. This was due to telnetd not creating an appropriate entry in a utmp file before executing login. With this update, correct entries are created and the database is updated properly. (BZ#646300) * Various options were not described on the blockdev(8) manual page. With this update, the blockdev(8) manual page includes all the relevant options. (BZ#650937) * Prior to this update, the build process of the util-linux package failed in the po directory with the following error message: last seen 2020-04-16 modified 2012-02-21 plugin id 58061 published 2012-02-21 reporter This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/58061 title RHEL 5 : util-linux (RHSA-2012:0307) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2012:0307. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(58061); script_version ("1.18"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/04/15"); script_cve_id("CVE-2011-1675", "CVE-2011-1677"); script_bugtraq_id(50941); script_xref(name:"RHSA", value:"2012:0307"); script_name(english:"RHEL 5 : util-linux (RHSA-2012:0307)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "An updated util-linux package that fixes multiple security issues, various bugs, and adds two enhancements is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The util-linux package contains a large variety of low-level system utilities that are necessary for a Linux system to function. Among others, util-linux contains the fdisk configuration tool and the login program. Multiple flaws were found in the way the mount and umount commands performed mtab (mounted file systems table) file updates. A local, unprivileged user allowed to mount or unmount file systems could use these flaws to corrupt the mtab file and create a stale lock file, preventing other users from mounting and unmounting file systems. (CVE-2011-1675, CVE-2011-1677) This update also fixes the following bugs : * When the user logged into a telnet server, the login utility did not update the utmp database properly if the utility was executed from the telnetd daemon. This was due to telnetd not creating an appropriate entry in a utmp file before executing login. With this update, correct entries are created and the database is updated properly. (BZ#646300) * Various options were not described on the blockdev(8) manual page. With this update, the blockdev(8) manual page includes all the relevant options. (BZ#650937) * Prior to this update, the build process of the util-linux package failed in the po directory with the following error message: '@MKINSTALLDIRS@: No such file or directory'. An upstream patch has been applied to address this issue, and the util-linux package now builds successfully. (BZ#677452) * Previously, the ipcs(1) and ipcrm(1) manual pages mentioned an invalid option, '-b'. With this update, only valid options are listed on those manual pages. (BZ#678407) * Previously, the mount(8) manual page contained incomplete information about the ext4 and XFS file systems. With this update, the mount(8) manual page contains the missing information. (BZ#699639) In addition, this update adds the following enhancements : * Previously, if DOS mode was enabled on a device, the fdisk utility could report error messages similar to the following : Partition 1 has different physical/logical beginnings (non-Linux?): phys=(0, 1, 1) logical=(0, 2, 7) This update enables users to switch off DOS compatible mode (by specifying the '-c' option), and such error messages are no longer displayed. (BZ#678430) * This update adds the 'fsfreeze' command which halts access to a file system on a disk. (BZ#726572) All users of util-linux are advised to upgrade to this updated package, which contains backported patches to correct these issues and add these enhancements." ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2012:0307" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2011-1677" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2011-1675" ); script_set_attribute( attribute:"solution", value:"Update the affected util-linux and / or util-linux-debuginfo packages." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:util-linux"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:util-linux-debuginfo"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5"); script_set_attribute(attribute:"vuln_publication_date", value:"2011/04/10"); script_set_attribute(attribute:"patch_publication_date", value:"2012/02/21"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/02/21"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 5.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2012:0307"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL5", cpu:"i386", reference:"util-linux-2.13-0.59.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"util-linux-2.13-0.59.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"util-linux-2.13-0.59.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"i386", reference:"util-linux-debuginfo-2.13-0.59.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"util-linux-debuginfo-2.13-0.59.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"util-linux-debuginfo-2.13-0.59.el5")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "util-linux / util-linux-debuginfo"); } }
NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2011-1691.NASL description Updated util-linux-ng packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The util-linux-ng packages contain a large variety of low-level system utilities that are necessary for a Linux operating system to function. Multiple flaws were found in the way the mount and umount commands performed mtab (mounted file systems table) file updates. A local, unprivileged user allowed to mount or unmount file systems could use these flaws to corrupt the mtab file and create a stale lock file, preventing other users from mounting and unmounting file systems. (CVE-2011-1675, CVE-2011-1677) This update also fixes the following bugs : * Due to a hard-coded limit of 128 devices, an attempt to run the last seen 2020-06-01 modified 2020-06-02 plugin id 57019 published 2011-12-06 reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/57019 title RHEL 6 : util-linux-ng (RHSA-2011:1691) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2011:1691. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(57019); script_version ("1.15"); script_cvs_date("Date: 2019/10/25 13:36:16"); script_cve_id("CVE-2011-1675", "CVE-2011-1677"); script_xref(name:"RHSA", value:"2011:1691"); script_name(english:"RHEL 6 : util-linux-ng (RHSA-2011:1691)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated util-linux-ng packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The util-linux-ng packages contain a large variety of low-level system utilities that are necessary for a Linux operating system to function. Multiple flaws were found in the way the mount and umount commands performed mtab (mounted file systems table) file updates. A local, unprivileged user allowed to mount or unmount file systems could use these flaws to corrupt the mtab file and create a stale lock file, preventing other users from mounting and unmounting file systems. (CVE-2011-1675, CVE-2011-1677) This update also fixes the following bugs : * Due to a hard-coded limit of 128 devices, an attempt to run the 'blkid -c' command on more than 128 devices caused blkid to terminate unexpectedly. This update increases the maximum number of devices to 8192 so that blkid no longer crashes in this scenario. (BZ#675999) * Previously, the 'swapon -a' command did not detect device-mapper devices that were already in use. This update corrects the swapon utility to detect such devices as expected. (BZ#679741) * Prior to this update, the presence of an invalid line in the /etc/fstab file could cause the umount utility to terminate unexpectedly with a segmentation fault. This update applies a patch that corrects this error so that umount now correctly reports invalid lines and no longer crashes. (BZ#684203) * Previously, an attempt to use the wipefs utility on a partitioned device caused the utility to terminate unexpectedly with an error. This update adapts wipefs to only display a warning message in this situation. (BZ#696959) * When providing information on interprocess communication (IPC) facilities, the ipcs utility could previously display a process owner as a negative number if the user's UID was too large. This update adapts the underlying source code to make sure the UID values are now displayed correctly. (BZ#712158) * In the installation scriptlets, the uuidd package uses the chkconfig utility to enable and disable the uuidd service. Previously, this package did not depend on the chkconfig package, which could lead to errors during installation if chkconfig was not installed. This update adds chkconfig to the list of dependencies so that such errors no longer occur. (BZ#712808) * The previous version of the /etc/udev/rules.d/60-raw.rules file contained a statement that both this file and raw devices are deprecated. This is no longer true and the Red Hat Enterprise Linux kernel supports this functionality. With this update, the aforementioned file no longer contains this incorrect statement. (BZ#716995) * Previously, an attempt to use the cfdisk utility to read the default Red Hat Enterprise Linux 6 partition layout failed with an error. This update corrects this error and the cfdisk utility can now read the default partition layout as expected. (BZ#723352) * The previous version of the tailf(1) manual page incorrectly stated that users can use the '--lines=NUMBER' command line option to limit the number of displayed lines. However, the tailf utility does not allow the use of the equals sign (=) between the option and its argument. This update corrects this error. (BZ#679831) * The fstab(5) manual page has been updated to clarify that empty lines in the /etc/fstab configuration file are ignored. (BZ#694648) As well, this update adds the following enhancements : * A new fstrim utility has been added to the package. This utility allows the root user to discard unused blocks on a mounted file system. (BZ#692119) * The login utility has been updated to provide support for failed login attempts that are reported by PAM. (BZ#696731) * The lsblk utility has been updated to provide additional information about the topology and status of block devices. (BZ#723638) * The agetty utility has been updated to pass the hostname to the login utility. (BZ#726092) All users of util-linux-ng are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add these enhancements." ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2011-1675" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2011-1677" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2011:1691" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libblkid"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libblkid-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libuuid"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libuuid-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:util-linux-ng"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:util-linux-ng-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:uuidd"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6"); script_set_attribute(attribute:"vuln_publication_date", value:"2011/04/09"); script_set_attribute(attribute:"patch_publication_date", value:"2011/12/06"); script_set_attribute(attribute:"plugin_publication_date", value:"2011/12/06"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 6.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2011:1691"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL6", reference:"libblkid-2.17.2-12.4.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"libblkid-devel-2.17.2-12.4.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"libuuid-2.17.2-12.4.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"libuuid-devel-2.17.2-12.4.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"util-linux-ng-2.17.2-12.4.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"util-linux-ng-debuginfo-2.17.2-12.4.el6")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"uuidd-2.17.2-12.4.el6")) flag++; if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"uuidd-2.17.2-12.4.el6")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"uuidd-2.17.2-12.4.el6")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libblkid / libblkid-devel / libuuid / libuuid-devel / util-linux-ng / etc"); } }
NASL family Scientific Linux Local Security Checks NASL id SL_20111206_UTIL_LINUX_NG_ON_SL6_X.NASL description The util-linux-ng packages contain a large variety of low-level system utilities that are necessary for a Linux operating system to function. Multiple flaws were found in the way the mount and umount commands performed mtab (mounted file systems table) file updates. A local, unprivileged user allowed to mount or unmount file systems could use these flaws to corrupt the mtab file and create a stale lock file, preventing other users from mounting and unmounting file systems. (CVE-2011-1675, CVE-2011-1677) This update also fixes the following bugs : - Due to a hard-coded limit of 128 devices, an attempt to run the last seen 2020-06-01 modified 2020-06-02 plugin id 61200 published 2012-08-01 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/61200 title Scientific Linux Security Update : util-linux-ng on SL6.x i386/x86_64 code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text is (C) Scientific Linux. # include("compat.inc"); if (description) { script_id(61200); script_version("1.6"); script_cvs_date("Date: 2019/10/25 13:36:20"); script_cve_id("CVE-2011-1675", "CVE-2011-1677"); script_name(english:"Scientific Linux Security Update : util-linux-ng on SL6.x i386/x86_64"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Scientific Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "The util-linux-ng packages contain a large variety of low-level system utilities that are necessary for a Linux operating system to function. Multiple flaws were found in the way the mount and umount commands performed mtab (mounted file systems table) file updates. A local, unprivileged user allowed to mount or unmount file systems could use these flaws to corrupt the mtab file and create a stale lock file, preventing other users from mounting and unmounting file systems. (CVE-2011-1675, CVE-2011-1677) This update also fixes the following bugs : - Due to a hard-coded limit of 128 devices, an attempt to run the 'blkid -c' command on more than 128 devices caused blkid to terminate unexpectedly. This update increases the maximum number of devices to 8192 so that blkid no longer crashes in this scenario. - Previously, the 'swapon -a' command did not detect device-mapper devices that were already in use. This update corrects the swapon utility to detect such devices as expected. - Prior to this update, the presence of an invalid line in the /etc/fstab file could cause the umount utility to terminate unexpectedly with a segmentation fault. This update applies a patch that corrects this error so that umount now correctly reports invalid lines and no longer crashes. - Previously, an attempt to use the wipefs utility on a partitioned device caused the utility to terminate unexpectedly with an error. This update adapts wipefs to only display a warning message in this situation. - When providing information on interprocess communication (IPC) facilities, the ipcs utility could previously display a process owner as a negative number if the user's UID was too large. This update adapts the underlying source code to make sure the UID values are now displayed correctly. - In the installation scriptlets, the uuidd package uses the chkconfig utility to enable and disable the uuidd service. Previously, this package did not depend on the chkconfig package, which could lead to errors during installation if chkconfig was not installed. This update adds chkconfig to the list of dependencies so that such errors no longer occur. - The previous version of the /etc/udev/rules.d/60-raw.rules file contained a statement that both this file and raw devices are deprecated. This is no longer true and the Scientific Linux kernel supports this functionality. With this update, the aforementioned file no longer contains this incorrect statement. - Previously, an attempt to use the cfdisk utility to read the default Scientific Linux 6 partition layout failed with an error. This update corrects this error and the cfdisk utility can now read the default partition layout as expected. - The previous version of the tailf(1) manual page incorrectly stated that users can use the '--lines=NUMBER' command line option to limit the number of displayed lines. However, the tailf utility does not allow the use of the equals sign (=) between the option and its argument. This update corrects this error. - The fstab(5) manual page has been updated to clarify that empty lines in the /etc/fstab configuration file are ignored. As well, this update adds the following enhancements : - A new fstrim utility has been added to the package. This utility allows the root user to discard unused blocks on a mounted file system. - The login utility has been updated to provide support for failed login attempts that are reported by PAM. - The lsblk utility has been updated to provide additional information about the topology and status of block devices. - The agetty utility has been updated to pass the hostname to the login utility. All users of util-linux-ng are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add these enhancements." ); # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1112&L=scientific-linux-errata&T=0&P=1321 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?fa33b746" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux"); script_set_attribute(attribute:"vuln_publication_date", value:"2011/04/09"); script_set_attribute(attribute:"patch_publication_date", value:"2011/12/06"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/01"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Scientific Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux"); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu); flag = 0; if (rpm_check(release:"SL6", reference:"libblkid-2.17.2-12.4.el6")) flag++; if (rpm_check(release:"SL6", reference:"libblkid-devel-2.17.2-12.4.el6")) flag++; if (rpm_check(release:"SL6", reference:"libuuid-2.17.2-12.4.el6")) flag++; if (rpm_check(release:"SL6", reference:"libuuid-devel-2.17.2-12.4.el6")) flag++; if (rpm_check(release:"SL6", reference:"util-linux-ng-2.17.2-12.4.el6")) flag++; if (rpm_check(release:"SL6", reference:"util-linux-ng-debuginfo-2.17.2-12.4.el6")) flag++; if (rpm_check(release:"SL6", reference:"uuidd-2.17.2-12.4.el6")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family Scientific Linux Local Security Checks NASL id SL_20120221_UTIL_LINUX_ON_SL5_X.NASL description The util-linux package contains a large variety of low-level system utilities that are necessary for a Linux system to function. Among others, util-linux contains the fdisk configuration tool and the login program. Multiple flaws were found in the way the mount and umount commands performed mtab (mounted file systems table) file updates. A local, unprivileged user allowed to mount or unmount file systems could use these flaws to corrupt the mtab file and create a stale lock file, preventing other users from mounting and unmounting file systems. (CVE-2011-1675, CVE-2011-1677) This update also fixes the following bugs : - When the user logged into a telnet server, the login utility did not update the utmp database properly if the utility was executed from the telnetd daemon. This was due to telnetd not creating an appropriate entry in a utmp file before executing login. With this update, correct entries are created and the database is updated properly. - Various options were not described on the blockdev(8) manual page. With this update, the blockdev(8) manual page includes all the relevant options. - Prior to this update, the build process of the util-linux package failed in the po directory with the following error message: last seen 2020-03-18 modified 2012-08-01 plugin id 61272 published 2012-08-01 reporter This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/61272 title Scientific Linux Security Update : util-linux on SL5.x i386/x86_64 (20120221) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text is (C) Scientific Linux. # include("compat.inc"); if (description) { script_id(61272); script_version("1.4"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12"); script_cve_id("CVE-2011-1675", "CVE-2011-1677"); script_name(english:"Scientific Linux Security Update : util-linux on SL5.x i386/x86_64 (20120221)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Scientific Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "The util-linux package contains a large variety of low-level system utilities that are necessary for a Linux system to function. Among others, util-linux contains the fdisk configuration tool and the login program. Multiple flaws were found in the way the mount and umount commands performed mtab (mounted file systems table) file updates. A local, unprivileged user allowed to mount or unmount file systems could use these flaws to corrupt the mtab file and create a stale lock file, preventing other users from mounting and unmounting file systems. (CVE-2011-1675, CVE-2011-1677) This update also fixes the following bugs : - When the user logged into a telnet server, the login utility did not update the utmp database properly if the utility was executed from the telnetd daemon. This was due to telnetd not creating an appropriate entry in a utmp file before executing login. With this update, correct entries are created and the database is updated properly. - Various options were not described on the blockdev(8) manual page. With this update, the blockdev(8) manual page includes all the relevant options. - Prior to this update, the build process of the util-linux package failed in the po directory with the following error message: '@MKINSTALLDIRS@: No such file or directory'. An upstream patch has been applied to address this issue, and the util-linux package now builds successfully. - Previously, the ipcs(1) and ipcrm(1) manual pages mentioned an invalid option, '-b'. With this update, only valid options are listed on those manual pages. - Previously, the mount(8) manual page contained incomplete information about the ext4 and XFS file systems. With this update, the mount(8) manual page contains the missing information. In addition, this update adds the following enhancements : - Previously, if DOS mode was enabled on a device, the fdisk utility could report error messages similar to the following : Partition 1 has different physical/logical beginnings (non-Linux?): phys=(0, 1, 1) logical=(0, 2, 7) This update enables users to switch off DOS compatible mode (by specifying the '-c' option), and such error messages are no longer displayed. - This update adds the 'fsfreeze' command which halts access to a file system on a disk. All users of util-linux are advised to upgrade to this updated package, which contains backported patches to correct these issues and add these enhancements." ); # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1203&L=scientific-linux-errata&T=0&P=3164 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?82291f93" ); script_set_attribute( attribute:"solution", value:"Update the affected util-linux and / or util-linux-debuginfo packages." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:util-linux"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:util-linux-debuginfo"); script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux"); script_set_attribute(attribute:"vuln_publication_date", value:"2011/04/10"); script_set_attribute(attribute:"patch_publication_date", value:"2012/02/21"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/01"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Scientific Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux"); os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux"); os_ver = os_ver[1]; if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 5.x", "Scientific Linux " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu); flag = 0; if (rpm_check(release:"SL5", reference:"util-linux-2.13-0.59.el5")) flag++; if (rpm_check(release:"SL5", reference:"util-linux-debuginfo-2.13-0.59.el5")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "util-linux / util-linux-debuginfo"); }
NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201405-15.NASL description The remote host is affected by the vulnerability described in GLSA-201405-15 (util-linux: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in util-linux. Please review the CVE identifiers referenced below for details. Impact : A local attacker may be able to cause a Denial of Service condition, trigger corruption of /etc/mtab, obtain sensitive information, or have other unspecified impact. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 74058 published 2014-05-19 reporter This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/74058 title GLSA-201405-15 : util-linux: Multiple vulnerabilities code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 201405-15. # # The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(74058); script_version("1.4"); script_cvs_date("Date: 2018/12/05 20:31:22"); script_cve_id("CVE-2011-1675", "CVE-2011-1676", "CVE-2011-1677", "CVE-2013-0157"); script_bugtraq_id(50941, 57168); script_xref(name:"GLSA", value:"201405-15"); script_name(english:"GLSA-201405-15 : util-linux: Multiple vulnerabilities"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-201405-15 (util-linux: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in util-linux. Please review the CVE identifiers referenced below for details. Impact : A local attacker may be able to cause a Denial of Service condition, trigger corruption of /etc/mtab, obtain sensitive information, or have other unspecified impact. Workaround : There is no known workaround at this time." ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/201405-15" ); script_set_attribute( attribute:"solution", value: "All util-linux users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=sys-apps/util-linux-2.22.2'" ); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:util-linux"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2014/05/18"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/05/19"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"sys-apps/util-linux", unaffected:make_list("ge 2.22.2"), vulnerable:make_list("lt 2.22.2"))) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get()); else security_warning(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "util-linux"); }
NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2012-0168.NASL description An updated rhev-hypervisor5 package that fixes several security issues and various bugs is now available. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The rhev-hypervisor5 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. A heap overflow flaw was found in the way QEMU-KVM emulated the e1000 network interface card. A privileged guest user in a virtual machine whose network interface is configured to use the e1000 emulated driver could use this flaw to crash the host or, possibly, escalate their privileges on the host. (CVE-2012-0029) A divide-by-zero flaw was found in the Linux kernel last seen 2020-06-01 modified 2020-06-02 plugin id 79283 published 2014-11-17 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/79283 title RHEL 5 : rhev-hypervisor5 (RHSA-2012:0168) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2012:0168. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(79283); script_version("1.11"); script_cvs_date("Date: 2019/10/24 15:35:35"); script_cve_id("CVE-2006-1168", "CVE-2009-5029", "CVE-2009-5064", "CVE-2010-0830", "CVE-2010-4008", "CVE-2011-0216", "CVE-2011-1083", "CVE-2011-1089", "CVE-2011-1526", "CVE-2011-2716", "CVE-2011-2834", "CVE-2011-3638", "CVE-2011-3905", "CVE-2011-3919", "CVE-2011-4086", "CVE-2011-4109", "CVE-2011-4127", "CVE-2011-4347", "CVE-2011-4576", "CVE-2011-4619", "CVE-2012-0028", "CVE-2012-0029", "CVE-2012-0207"); script_bugtraq_id(51281, 51343, 51642); script_xref(name:"RHSA", value:"2012:0168"); script_name(english:"RHEL 5 : rhev-hypervisor5 (RHSA-2012:0168)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "An updated rhev-hypervisor5 package that fixes several security issues and various bugs is now available. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The rhev-hypervisor5 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. A heap overflow flaw was found in the way QEMU-KVM emulated the e1000 network interface card. A privileged guest user in a virtual machine whose network interface is configured to use the e1000 emulated driver could use this flaw to crash the host or, possibly, escalate their privileges on the host. (CVE-2012-0029) A divide-by-zero flaw was found in the Linux kernel's igmp_heard_query() function. An attacker able to send certain IGMP (Internet Group Management Protocol) packets to a target system could use this flaw to cause a denial of service. (CVE-2012-0207) A double free flaw was discovered in the policy checking code in OpenSSL. A remote attacker could use this flaw to crash an application that uses OpenSSL by providing an X.509 certificate that has specially crafted policy extension data. (CVE-2011-4109) An information leak flaw was found in the SSL 3.0 protocol implementation in OpenSSL. Incorrect initialization of SSL record padding bytes could cause an SSL client or server to send a limited amount of possibly sensitive data to its SSL peer via the encrypted connection. (CVE-2011-4576) It was discovered that OpenSSL did not limit the number of TLS/SSL handshake restarts required to support Server Gated Cryptography. A remote attacker could use this flaw to make a TLS/SSL server using OpenSSL consume an excessive amount of CPU by continuously restarting the handshake. (CVE-2011-4619) Red Hat would like to thank Nicolae Mogoreanu for reporting CVE-2012-0029, and Simon McVittie for reporting CVE-2012-0207. This updated package provides updated components that include fixes for various security issues. These issues have no security impact on Red Hat Enterprise Virtualization Hypervisor itself, however. The security fixes included in this update address the following CVE numbers : CVE-2006-1168 and CVE-2011-2716 (busybox issues) CVE-2009-5029, CVE-2009-5064, CVE-2010-0830 and CVE-2011-1089 (glibc issues) CVE-2011-1083, CVE-2011-3638, CVE-2011-4086, CVE-2011-4127 and CVE-2012-0028 (kernel issues) CVE-2011-1526 (krb5 issue) CVE-2011-4347 (kvm issue) CVE-2010-4008, CVE-2011-0216, CVE-2011-2834, CVE-2011-3905, CVE-2011-3919 and CVE-2011-1944 (libxml2 issues) CVE-2011-1749 (nfs-utils issue) CVE-2011-4108 (openssl issue) CVE-2011-0010 (sudo issue) CVE-2011-1675 and CVE-2011-1677 (util-linux issues) CVE-2010-0424 (vixie-cron issue) This updated rhev-hypervisor5 package fixes various bugs. Documentation of these changes will be available shortly in the Technical Notes document : https://docs.redhat.com/docs/en-US/ Red_Hat_Enterprise_Virtualization_for_Servers/2.2/html/Technical_Notes / index.html Users of Red Hat Enterprise Virtualization Hypervisor are advised to upgrade to this updated package, which fixes these issues." ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2011-4109" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2011-4576" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2011-4619" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2012-0029" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2012-0207" ); # https://docs.redhat.com/docs/en-US/ script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/documentation/en-US/" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2012:0168" ); script_set_attribute( attribute:"solution", value: "Update the affected rhev-hypervisor5 and / or rhev-hypervisor5-tools packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rhev-hypervisor5"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rhev-hypervisor5-tools"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5"); script_set_attribute(attribute:"vuln_publication_date", value:"2006/08/14"); script_set_attribute(attribute:"patch_publication_date", value:"2012/02/21"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/11/17"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 5.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2012:0168"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL5", reference:"rhev-hypervisor5-5.8-20120202.0.el5")) flag++; if (rpm_check(release:"RHEL5", reference:"rhev-hypervisor5-tools-5.8-20120202.0.el5")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "rhev-hypervisor5 / rhev-hypervisor5-tools"); } }
NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2012-083.NASL description Multiple vulnerabilities has been discovered and corrected in util-linux : mount in util-linux 2.19 and earlier attempts to append to the /etc/mtab.tmp file without first checking whether resource limits would interfere, which allows local users to trigger corruption of the /etc/mtab file via a process with a small RLIMIT_FSIZE value, a related issue to CVE-2011-1089 (CVE-2011-1675). mount in util-linux 2.19 and earlier does not remove the /etc/mtab~ lock file after a failed attempt to add a mount entry, which has unspecified impact and local attack vectors (CVE-2011-1677). The updated packages have been patched to correct this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 59304 published 2012-05-30 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/59304 title Mandriva Linux Security Advisory : util-linux (MDVSA-2012:083) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Mandriva Linux Security Advisory MDVSA-2012:083. # The text itself is copyright (C) Mandriva S.A. # include("compat.inc"); if (description) { script_id(59304); script_version("1.9"); script_cvs_date("Date: 2019/08/02 13:32:54"); script_cve_id("CVE-2011-1675", "CVE-2011-1677"); script_bugtraq_id(50941); script_xref(name:"MDVSA", value:"2012:083"); script_name(english:"Mandriva Linux Security Advisory : util-linux (MDVSA-2012:083)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Mandriva Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Multiple vulnerabilities has been discovered and corrected in util-linux : mount in util-linux 2.19 and earlier attempts to append to the /etc/mtab.tmp file without first checking whether resource limits would interfere, which allows local users to trigger corruption of the /etc/mtab file via a process with a small RLIMIT_FSIZE value, a related issue to CVE-2011-1089 (CVE-2011-1675). mount in util-linux 2.19 and earlier does not remove the /etc/mtab~ lock file after a failed attempt to add a mount entry, which has unspecified impact and local attack vectors (CVE-2011-1677). The updated packages have been patched to correct this issue." ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64blkid-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64blkid1"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64mount-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64mount1"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64uuid-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64uuid1"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libblkid-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libblkid1"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libmount-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libmount1"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libuuid-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libuuid1"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:util-linux"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:util-linux-ng"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:uuidd"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2010.1"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2011"); script_set_attribute(attribute:"patch_publication_date", value:"2012/05/29"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/05/30"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Mandriva Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux"); if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu); flag = 0; if (rpm_check(release:"MDK2010.1", cpu:"x86_64", reference:"lib64blkid-devel-2.17.1-5.2mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", cpu:"x86_64", reference:"lib64blkid1-2.17.1-5.2mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", cpu:"x86_64", reference:"lib64uuid-devel-2.17.1-5.2mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", cpu:"x86_64", reference:"lib64uuid1-2.17.1-5.2mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", cpu:"i386", reference:"libblkid-devel-2.17.1-5.2mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", cpu:"i386", reference:"libblkid1-2.17.1-5.2mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", cpu:"i386", reference:"libuuid-devel-2.17.1-5.2mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", cpu:"i386", reference:"libuuid1-2.17.1-5.2mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"util-linux-ng-2.17.1-5.2mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2010.1", reference:"uuidd-2.17.1-5.2mdv2010.2", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", cpu:"x86_64", reference:"lib64blkid-devel-2.19-3.2-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", cpu:"x86_64", reference:"lib64blkid1-2.19-3.2-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", cpu:"x86_64", reference:"lib64mount-devel-2.19-3.2-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", cpu:"x86_64", reference:"lib64mount1-2.19-3.2-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", cpu:"x86_64", reference:"lib64uuid-devel-2.19-3.2-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", cpu:"x86_64", reference:"lib64uuid1-2.19-3.2-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", cpu:"i386", reference:"libblkid-devel-2.19-3.2-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", cpu:"i386", reference:"libblkid1-2.19-3.2-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", cpu:"i386", reference:"libmount-devel-2.19-3.2-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", cpu:"i386", reference:"libmount1-2.19-3.2-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", cpu:"i386", reference:"libuuid-devel-2.19-3.2-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", cpu:"i386", reference:"libuuid1-2.19-3.2-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"util-linux-2.19-3.2-mdv2011.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2011", reference:"uuidd-2.19-3.2-mdv2011.0", yank:"mdv")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
Redhat
advisories |
| ||||
rpms |
|
References
- http://openwall.com/lists/oss-security/2011/03/22/6
- http://openwall.com/lists/oss-security/2011/03/15/6
- http://openwall.com/lists/oss-security/2011/03/22/4
- http://openwall.com/lists/oss-security/2011/03/14/5
- http://openwall.com/lists/oss-security/2011/03/05/7
- http://openwall.com/lists/oss-security/2011/03/04/11
- http://openwall.com/lists/oss-security/2011/03/04/10
- http://openwall.com/lists/oss-security/2011/03/31/3
- https://bugzilla.redhat.com/show_bug.cgi?id=688980
- http://openwall.com/lists/oss-security/2011/04/01/2
- http://openwall.com/lists/oss-security/2011/03/05/3
- http://openwall.com/lists/oss-security/2011/03/04/9
- http://openwall.com/lists/oss-security/2011/03/04/12
- http://openwall.com/lists/oss-security/2011/03/31/4
- http://openwall.com/lists/oss-security/2011/03/14/16
- http://openwall.com/lists/oss-security/2011/03/07/9
- http://openwall.com/lists/oss-security/2011/03/14/7
- http://www.redhat.com/support/errata/RHSA-2011-1691.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/66705
- http://secunia.com/advisories/48114