FrSIRT - Fedora Security Update Fixes util-linux Privilege Escalation Vulnerability / Exploit (Security Advisories)

French Security Incident Response Team

French

English

Fedora Security Update Fixes util-linux Privilege Escalation Vulnerability

Title : Fedora Security Update Fixes util-linux Privilege Escalation Vulnerability
Advisory ID : FrSIRT/ADV-2007-3517
CVE ID : CVE-2007-5191
Rated as : Low Risk

Remotely Exploitable : No
Locally Exploitable : Yes
Release Date : 2007-10-17

Advisory Details

Description

Affected Products

Solution

References

Technical Description

A vulnerability has been identified in Fedora, which could be exploited by local attackers to bypass security restrictions and gain elevated privileges [...]

Solution

Upgrade the affected packages :

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/

89f69bd6c692a6ae650fa0b9fee178b2c959596f SRPMS/util-linux-2.13-0.49.fc6.src.rpm
89f69bd6c692a6ae650fa0b9fee178b2c959596f noarch/util-linux-2.13-0.49.fc6.src.rpm
88748be58e688de7f09ee499f6696048ea932365 ppc/debug/util-linux-debuginfo-2.13-0.49.fc6.ppc.rpm
02217f50460aa38b48f50f0c801ddbdb4facddf5 ppc/util-linux-2.13-0.49.fc6.ppc.rpm
7d04c07578783324feba70972c23d1e5bdd3e212 x86_64/util-linux-2.13-0.49.fc6.x86_64.rpm
f2e3f30f4c3d872fae0f10ab05e735a04ca58813 x86_64/debug/util-linux-debuginfo-2.13-0.49.fc6.x86_64.rpm
c0afb3085aa23636e88f13323ce22de5812e0ee5 i386/util-linux-2.13-0.49.fc6.i386.rpm
06a152ded9fa4188721963c2afbdcdab13ea083f i386/debug/util-linux-debuginfo-2.13-0.49.fc6.i386.rpm

ChangeLog

2007-10-17 : Initial release

Vulnerability Management

Subscribe to FrSIRT VNS and receive real-time e-mail and SMS alerts when new vulnerabilities, exploits, or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form or by email to updates@frsirt.com.

Mailinglist

	Oracle Products Multiple Code Execution and Security Bypass Issues
	Oracle Products Command Execution and SQL Injection Vulnerabilities
	Oracle Products Multiple Code Execution and SQL Injection Vulnerabilities
	Oracle Database "PITRIG_DROPMETADATA" Buffer Overflow Vulnerability
	Oracle Products Multiple Code Execution and SQL Injection Vulnerabilities
	Oracle JInitiator ActiveX Control Multiple Remote Buffer Overflow Vulnerabilities
	Oracle Products Multiple Remote Command Execution and SQL Injection Vulnerabilities

	Microsoft Windows Vista "WRITE_ANDX" Denial of Service Vulnerability
	Microsoft Office OneNote URL Code Execution (MS08-055)
	Microsoft GDI+ Multiple Code Execution Vulnerabilities (MS08-052)
	Microsoft Visual Studio "Msmask32" Code Execution Vulnerability
	Microsoft PowerPoint Command Execution Vulnerabilities (MS08-051)
	Microsoft Windows Messenger Data Disclosure (MS08-050)
	Microsoft Windows Event System Code Execution (MS08-049)

	Mozilla Products Code Execution and Security Bypass Vulnerabilities
	Mozilla Firefox for Mac OS X GIF Rendering Code Execution Vulnerability
	Mozilla Products Remote Code Execution and Security Bypass Issues
	Mozilla Products Code Execution and Injection Vulnerabilities
	Mozilla JavaScript Garbage Collector Code Execution Vulnerability
	Mozilla Thunderbird Code Execution and Cross Site Scripting Issues
	Mozilla Firefox and SeaMonkey Multiple Remote Code Execution Issues