Rapid7 Vulnerability & Exploit Database

RHSA-2001:095: New util-linux packages available to fix vipw permissions problems

Severity: 7
CVSS: (AV:L/AC:L/Au:N/C:C/I:C/A:C)
Published: 04/01/2002
Created: 07/25/2018
Added: 10/28/2005
Modified: 07/04/2017

Description

New util-linux packages are available for Red Hat Linux 7.1. These packages fix a problem where vipw would leave the /etc/shadow file world-readable after editing it. It is recommended that all users update to the fixed packages. Also, if you have used vipw on Red Hat Linux 7.1 before, make sure to run (as root): chmod 0400 /etc/shadow

vipw, from the util-linux package in Red Hat Linux 7.1, included a new option that allowed editing of the /etc/shadow file as well as /etc/passwd. However, this option did not take measures to ensure that the file remained only readable by root. Thanks go to lloyd@acm.jhu.edu for bringing the problem to our attention.
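
One way to check for the condition described above and apply the advisory's chmod 0400, shown as an added example that is not part of the advisory or of util-linux. The function names (file_mode, file_uid, audit_shadow, fix_shadow, demo) and the sample shadow line are hypothetical, and the demonstration runs on a constructed temporary file rather than the real /etc/shadow.

```shell
#!/bin/sh
# Added example (not from the advisory). Function names are hypothetical.

# Octal permission bits and owner uid of a file (GNU stat, then BSD stat).
file_mode() { stat -L -c '%a' "$1" 2>/dev/null || stat -L -f '%Lp' "$1" 2>/dev/null; }
file_uid()  { stat -L -c '%u' "$1" 2>/dev/null || stat -L -f '%u' "$1" 2>/dev/null; }

# audit_shadow FILE [OWNER_UID]
# Returns 0 = owner-only, 1 = group/other bits set (the advisory's condition),
#         2 = unexpected owner, 3 = file missing or metadata unavailable.
audit_shadow() {
    f=$1
    want_uid=${2:-0}
    [ -f "$f" ] || { echo "MISSING  $f"; return 3; }
    mode=$(file_mode "$f") || return 3
    uid=$(file_uid "$f") || return 3
    # Mask 077 selects every group and other bit; the advisory's target is 0400.
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "EXPOSED  $f mode=$mode uid=$uid"
        return 1
    fi
    if [ "$uid" -ne "$want_uid" ]; then
        echo "OWNER    $f mode=$mode uid=$uid (expected $want_uid)"
        return 2
    fi
    echo "OK       $f mode=$mode uid=$uid"
    return 0
}

# fix_shadow FILE [OWNER_UID]: apply the advisory's chmod 0400, then re-audit.
fix_shadow() {
    chmod 0400 "$1" && audit_shadow "$1" "${2:-0}"
}

# Demonstration on a constructed stand-in file, never the real /etc/shadow.
demo() {
    d=$(mktemp -d) || return 3
    printf 'root:!:11000:0:99999:7:::\n' > "$d/shadow"   # constructed sample line
    chmod 0644 "$d/shadow"                               # world-readable, as in the advisory
    audit_shadow "$d/shadow" "$(id -u)"; before=$?
    fix_shadow "$d/shadow" "$(id -u)"; after=$?
    rm -rf "$d"
    echo "before=$before after=$after"
    [ "$before" -eq 1 ] && [ "$after" -eq 0 ]
}

demo
```

On a real host the call would be audit_shadow /etc/shadow, run as root; systems that grant a dedicated group read access to the file will be reported as EXPOSED under this mask.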

Solution(s)

  • redhat-upgrade-util-linux
