Util-linux Login Security Bypass Vulnerability

TITLE: Util-linux Login Security Bypass Vulnerability
CLASS: Access Validation Error
CVE: CVE-2006-7108

REMOTE: Yes
LOCAL: No
PUBLISHED: Jun 05 2007 12:00AM
UPDATE: Jun 15 2007 06:50PM
CREDIT: Craig Lawson is credited with the discovery of this vulnerability.
VULNERABLE:

util-linux util-linux 2.12a
+ MandrakeSoft Linux Mandrake 10.2 x86_64
+ MandrakeSoft Linux Mandrake 10.2
+ MandrakeSoft Linux Mandrake 10.1 x86_64
+ MandrakeSoft Linux Mandrake 10.1
+ RedHat Desktop 4.0
+ RedHat Enterprise Linux WS 4
+ RedHat Enterprise Linux ES 4
+ RedHat Enterprise Linux AS 4
util-linux util-linux 2.12
+ MandrakeSoft Corporate Server 3.0 x86_64
+ MandrakeSoft Corporate Server 3.0
+ MandrakeSoft Linux Mandrake 10.0 AMD64
+ MandrakeSoft Linux Mandrake 10.0
+ MandrakeSoft Multi Network Firewall 2.0
+ Ubuntu Ubuntu Linux 4.1 ppc
+ Ubuntu Ubuntu Linux 4.1 ia64
+ Ubuntu Ubuntu Linux 4.1 ia32
util-linux util-linux 2.11z
util-linux util-linux 2.11u
+ MandrakeSoft Corporate Server 2.1 x86_64
+ MandrakeSoft Corporate Server 2.1
util-linux util-linux 2.11r
util-linux util-linux 2.11n
util-linux util-linux 2.11
util-linux util-linux 2.10
util-linux util-linux 2.9
util-linux util-linux 2.8
rPath rPath Linux 1
RedHat Enterprise Linux WS 4
RedHat Enterprise Linux ES 4
RedHat Enterprise Linux AS 4
RedHat Desktop 4.0
MandrakeSoft Linux Mandrake 2007.1 x86_64
MandrakeSoft Linux Mandrake 2007.1
MandrakeSoft Linux Mandrake 2007.0 x86_64
MandrakeSoft Linux Mandrake 2007.0
MandrakeSoft Corporate Server 4.0 x86_64
MandrakeSoft Corporate Server 3.0 x86_64
MandrakeSoft Corporate Server 3.0
MandrakeSoft Corporate Server 4.0
NOT VULNERABLE:
util-linux util-linux 2.13-pre3
util-linux util-linux 2.13-pre2
util-linux util-linux 2.13-pre1
util-linux util-linux 2.12r-pre1
util-linux util-linux 2.12r
util-linux util-linux 2.12q
util-linux util-linux 2.12p
+ Debian Linux 3.1 sparc
+ Debian Linux 3.1 s/390
+ Debian Linux 3.1 ppc
+ Debian Linux 3.1 mipsel
+ Debian Linux 3.1 mips
+ Debian Linux 3.1 m68k
+ Debian Linux 3.1 ia-64
+ Debian Linux 3.1 ia-32
+ Debian Linux 3.1 hppa
+ Debian Linux 3.1 arm
+ Debian Linux 3.1 amd64
+ Debian Linux 3.1 alpha
+ Debian Linux 3.1
+ Ubuntu Ubuntu Linux 5.04 powerpc
+ Ubuntu Ubuntu Linux 5.04 i386
+ Ubuntu Ubuntu Linux 5.04 amd64
util-linux util-linux 2.12b
+ MandrakeSoft Linux Mandrake 10.2 x86_64
+ MandrakeSoft Linux Mandrake 10.2
+ MandrakeSoft Linux Mandrake 10.1 x86_64
+ MandrakeSoft Linux Mandrake 10.1


Discussion

The 'login' utility in 'util-linux' is prone to a security-bypass vulnerability because it fails to properly validate user privileges.

Exploiting this issue can allow an attacker to bypass certain security restrictions and potentially gain unauthorized access.

Versions prior to 'util-linux' 2.12 are vulnerable.

Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:vuldb@securityfocus.com.

Solution

Please see the referenced advisories for details on obtaining the appropriate updates.

References
