Rapid7 Vulnerability & Exploit Database

CESA-2004:056: util-linux security update

Back to Search

CESA-2004:056: util-linux security update

Severity
5
CVSS
(AV:N/AC:L/Au:N/C:P/I:N/A:N)
Published
03/03/2004
Created
07/25/2018
Added
03/12/2010
Modified
07/04/2017

Description

Updated util-linux packages that fix an information leak in the login program are now available.

The util-linux package contains a large variety of low-level system utilities that are necessary for a Linux system to function. In some situations, the login program could use a pointer that had been freed and reallocated. This could cause unintentional data leakage. Note: CentOS Linux 3 is not vulnerable to this issue. It is recommended that all users upgrade to these updated packages, which are not vulnerable to this issue. CentOS would like to thank Matthew Lee of Fleming College for finding and reporting this issue.

Solution(s)

  • centos-upgrade-util-linux

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;