Rapid7 Vulnerability & Exploit Database

RHSA-2012:0307: util-linux security, bug fix, and enhancement update

Severity: 5
CVSS: (AV:L/AC:L/Au:N/C:P/I:P/A:P)
Published: 04/09/2011
Created: 07/25/2018
Added: 02/21/2012
Modified: 07/04/2017

Description

The util-linux package contains a large variety of low-level system utilities that are necessary for a Linux system to function. Among others, util-linux contains the fdisk configuration tool and the login program.

Multiple flaws were found in the way the mount and umount commands performed mtab (mounted file systems table) file updates. A local, unprivileged user allowed to mount or unmount file systems could use these flaws to corrupt the mtab file and create a stale lock file, preventing other users from mounting and unmounting file systems. (CVE-2011-1675, CVE-2011-1677)

This update also fixes the following bugs:

In addition, this update adds the following enhancements:

Partition 1 has different physical/logical beginnings (non-Linux?): phys=(0, 1, 1) logical=(0, 2, 7)

This update enables users to switch off DOS compatible mode (by specifying the "-c" option), and such error messages are no longer displayed. (BZ#678430)

All users of util-linux are advised to upgrade to this updated package, which contains backported patches to correct these issues and add these enhancements.

Solution(s)

  • redhat-upgrade-util-linux
  • redhat-upgrade-util-linux-debuginfo
