French Security Incident Response Team

FrSIRT   

      

   français French  anglais English

 
Vulnerability Notification Service
 FrSIRT Partner Program
 14-Day Free Trial
Contact FrSIRT Sales Dept.
 

Security Advisories
Linux Security Advisories
Virus and Threats Advisories
Latest Security News
Latest Zero Day Threats
Advisories and vulnerabilities by Vendor
Advisories and vulnerabilities by Keyword
 

Report a security incident
Report a new vulnerability
Security Mailinglist
 

Our Company
FrSIRT in the News
Advertise on FrSIRT.COM
Security Researchers and Exploit Writers Jobs
Contact Us

Mandriva Security Update Fixes util-linux Privilege Escalation Vulnerability

Title : Mandriva Security Update Fixes util-linux Privilege Escalation Vulnerability
Advisory ID : FrSIRT/ADV-2007-3512
CVE ID : CVE-2007-5191
Rated as : Low Risk 
Remotely Exploitable : No
Locally Exploitable : Yes
Release Date : 2007-10-16

Advisory Details
 
  Description
  Affected Products
  Solution
  References
Technical Description    Receive FrSIRT alerts in a Text format  Receive FrSIRT alerts in a PDF format  Receive FrSIRT alerts in an XML format  Receive FrSIRT notifications by SMS 

A vulnerability has been identified in various Mandriva products, which could be exploited by local attackers to bypass security restrictions and gain elevated privileges [...]

Solution

Upgrade the affected packages :

Mandriva Linux 2007.0:
64440de5b0e17ede0ff6d5647ed2ff59 2007.0/i586/losetup-2.12r-8.3mdv2007.0.i586.rpm
15992ebb5aad91809aa77fd95d18ca0d 2007.0/i586/mount-2.12r-8.3mdv2007.0.i586.rpm
b60fa731a619023d9ee621193fb774f5 2007.0/i586/util-linux-2.12r-8.3mdv2007.0.i586.rpm
67d816f2242c4c3d20f98caaa49aeb67 2007.0/SRPMS/util-linux-2.12r-8.3mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64:
b3fc22fbec0cab2444bb266551ece54a 2007.0/x86_64/losetup-2.12r-8.3mdv2007.0.x86_64.rpm
2d1a2b67e27f03f1478b6d403101360f 2007.0/x86_64/mount-2.12r-8.3mdv2007.0.x86_64.rpm
b55391c2d42ae2be0ec64816b0a4709f 2007.0/x86_64/util-linux-2.12r-8.3mdv2007.0.x86_64.rpm
67d816f2242c4c3d20f98caaa49aeb67 2007.0/SRPMS/util-linux-2.12r-8.3mdv2007.0.src.rpm

Mandriva Linux 2007.1:
c3f01c2633e3154e8c70165187e1cfee 2007.1/i586/losetup-2.12r-12.2mdv2007.1.i586.rpm
085d5d11a4b37c3f6726ee0332b9d0aa 2007.1/i586/mount-2.12r-12.2mdv2007.1.i586.rpm
451974eed97067c69bf34c6e9a59fa7a 2007.1/i586/util-linux-2.12r-12.2mdv2007.1.i586.rpm
89c2fe31fd555a760fe14d0a8cfa3b6f 2007.1/SRPMS/util-linux-2.12r-12.2mdv2007.1.src.rpm

Mandriva Linux 2007.1/X86_64:
ce09e5fc6f050ca135f524bd5f9b3fbe 2007.1/x86_64/losetup-2.12r-12.2mdv2007.1.x86_64.rpm
71273a5d58a55f79c85dd7a7dda54476 2007.1/x86_64/mount-2.12r-12.2mdv2007.1.x86_64.rpm
fd27c8e4b14da14c3a13e61580f8b74a 2007.1/x86_64/util-linux-2.12r-12.2mdv2007.1.x86_64.rpm
89c2fe31fd555a760fe14d0a8cfa3b6f 2007.1/SRPMS/util-linux-2.12r-12.2mdv2007.1.src.rpm

Mandriva Linux 2008.0:
65d5eb89c2588aab19f877d085fb5a53 2008.0/i586/util-linux-ng-2.13-3.1mdv2008.0.i586.rpm
0fa5be0c17f9d0c403a60c1504600dac 2008.0/SRPMS/util-linux-ng-2.13-3.1mdv2008.0.src.rpm

Mandriva Linux 2008.0/X86_64:
e36da656cc73ec8e1eab5032ada23a49 2008.0/x86_64/util-linux-ng-2.13-3.1mdv2008.0.x86_64.rpm
0fa5be0c17f9d0c403a60c1504600dac 2008.0/SRPMS/util-linux-ng-2.13-3.1mdv2008.0.src.rpm

Corporate 3.0:
860c4c8418f1143264994b2c83e7d95f corporate/3.0/i586/losetup-2.12-2.3.C30mdk.i586.rpm
a32e5441007cfd710275deb76e8fbd3a corporate/3.0/i586/mount-2.12-2.3.C30mdk.i586.rpm
541e29f0531f46dfc786e8b7f7d1d7ac corporate/3.0/i586/util-linux-2.12-2.3.C30mdk.i586.rpm
4a56621eef79c176b447b0c494a0d1e9 corporate/3.0/SRPMS/util-linux-2.12-2.3.C30mdk.src.rpm

Corporate 3.0/X86_64:
e5128f44cf0a79b0a0dc3c23aaa3a690 corporate/3.0/x86_64/losetup-2.12-2.3.C30mdk.x86_64.rpm
18c0bb4e45301d8df328026b19630724 corporate/3.0/x86_64/mount-2.12-2.3.C30mdk.x86_64.rpm
4de1c1120f72dee868cf4561bca2c2ac corporate/3.0/x86_64/util-linux-2.12-2.3.C30mdk.x86_64.rpm
4a56621eef79c176b447b0c494a0d1e9 corporate/3.0/SRPMS/util-linux-2.12-2.3.C30mdk.src.rpm

Corporate 4.0:
611b8878518021dd4852eca879ec9249 corporate/4.0/i586/losetup-2.12q-7.3.20060mlcs4.i586.rpm
ed5fb53165d477aed270025f6bdc1506 corporate/4.0/i586/mount-2.12q-7.3.20060mlcs4.i586.rpm
0b6627c6dd614e379f50818b696e6245 corporate/4.0/i586/util-linux-2.12q-7.3.20060mlcs4.i586.rpm
b151e4a0ba69681a503a41a1345812e0 corporate/4.0/SRPMS/util-linux-2.12q-7.3.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
20319f51172a26bfc749e730426394f1 corporate/4.0/x86_64/losetup-2.12q-7.3.20060mlcs4.x86_64.rpm
e5b0f3559fbdd0b8624d45113c77d96e corporate/4.0/x86_64/mount-2.12q-7.3.20060mlcs4.x86_64.rpm
253f7975ab30effa3b9e8611a38dee67 corporate/4.0/x86_64/util-linux-2.12q-7.3.20060mlcs4.x86_64.rpm
b151e4a0ba69681a503a41a1345812e0 corporate/4.0/SRPMS/util-linux-2.12q-7.3.20060mlcs4.src.rpm

Multi Network Firewall 2.0:
6b6ff10041f39974ffaf2f0f2205ef1b mnf/2.0/i586/losetup-2.12-2.3.M20mdk.i586.rpm
232fb2749c37aebcd84a37579a77f651 mnf/2.0/i586/mount-2.12-2.3.M20mdk.i586.rpm
79be57ad149e0ad500b717c08840a3e3 mnf/2.0/i586/util-linux-2.12-2.3.M20mdk.i586.rpm
52f76435ff50cacd708dfe1af359bce4 mnf/2.0/SRPMS/util-linux-2.12-2.3.M20mdk.src.rpm

ChangeLog

2007-10-16 : Initial release

Vulnerability Management

Subscribe to FrSIRT VNS and receive real-time e-mail and SMS alerts when new vulnerabilities, exploits, or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form or by email to updates@frsirt.com.
 
 

Search
      

Mailinglist
    
 

Oracle Products Command Execution and SQL Injection Vulnerabilities

Oracle Products Multiple Code Execution and SQL Injection Vulnerabilities

Oracle Database "PITRIG_DROPMETADATA" Buffer Overflow Vulnerability

Oracle Products Multiple Code Execution and SQL Injection Vulnerabilities

Oracle JInitiator ActiveX Control Multiple Remote Buffer Overflow Vulnerabilities

Oracle Products Multiple Remote Command Execution and SQL Injection Vulnerabilities

Oracle Products Multiple Remote Command Execution and SQL Injection Vulnerabilities

Apple Mac OS X Command Execution and Security Bypass Issues

Apple Safari for Mac OS X Remote Code Execution Vulnerability

Apple Mac OS X ARDAgent Local Privilege Escalation Vulnerability

Apple Safari Code Execution and Information Disclosure Vulnerabilities

Apple QuickTime Multiple File Handling Code Execution Vulnerabilities

Apple Safari for Windows Remote Code Execution Vulnerability

Apple Mac OS X Command Execution and Security Bypass Issues

Sun Solaris Tomcat JSP/Servlet Container Multiple Vulnerabilities

Sun Java System Access Manager XSLT Code Execution Vulnerability

Sun Solaris 10 Adobe Reader Multiple Code Execution Vulnerabilities

Sun Solaris "snmpXdmid" Packet Handling Denial of Service Vulnerability

Sun Solaris FreeType2 Library Multiple Memory Corruption Vulnerabilities

Sun Java System Calendar Server Denial of Service Vulnerability

Sun Solaris SMA SNMPv3 Authentication Bypass Vulnerability

Copyright 2003-2008 © FrSIRT.COM - Privacy Policy