English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.59814
Category:Fedora Local Security Checks
Title:Fedora Core 7 FEDORA-2007-2462 (util-linux)
Summary:NOSUMMARY
Description:Description:

The remote host is missing an update to util-linux
announced via advisory FEDORA-2007-2462.

The util-linux package contains a large variety of low-level system
utilities that are necessary for a Linux system to function. Among
others, Util-linux contains the fdisk configuration tool and the login
program.

ChangeLog:

* Mon Oct 8 2007 Karel Zak 2.13-0.54.1
- fix #320131 - CVE-2007-5191 util-linux (u)mount doesn't drop privileges properly when calling helpers [F7]
* Wed Aug 8 2007 Karel Zak 2.13-0.54
- backport mount relatime patch
* Thu Aug 2 2007 Karel Zak 2.13-0.53
- fix #236848 - mount/fstab.c:lock_mtab() should open with proper permissions
- fix #238918 - blockdev --getsize does not work properly on devices with more than 2^31 sectors
* Mon Jul 9 2007 Karel Zak 2.13-0.52
- fix #245578 - login's PAM configuration inits the keyring at an inconvenient time
- fix #231532 - pamconsole not documented in mount(8)
- fix #243930 - translation files exist, but are not being used
- fix #228731 - sfdisk doesn't support DM-MP device (add default heads and sectors)
- fix #231192 - ipcs is not printing correct values on pLinux
- fix #245912 - mount doesn't write the 'loop=...' option in /etc/mtab when mounting a loop device
- fix #213253 - cal -3 generates improperly formatted output
References:

[ 1 ] Bug #320041 - CVE-2007-5191 util-linux (u)mount doesn't drop privileges properly when calling helpers
https://bugzilla.redhat.com/show_bug.cgi?id=320041
[ 2 ] CVE-2007-5191
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5191
Updated packages:

2aedbaafdf347aa298558a56e9d9020f88e3acc4 util-linux-debuginfo-2.13-0.54.1.fc7.ppc64.rpm
67f580fe186fb81b20a88eb512c13a994b45578b util-linux-2.13-0.54.1.fc7.ppc64.rpm
15837b21fccb7a8160aa262f8c89e7c96edad4c1 util-linux-2.13-0.54.1.fc7.i386.rpm
f638d85d5ca00df21ac9de9a0da03fd56a9ab8c7 util-linux-debuginfo-2.13-0.54.1.fc7.i386.rpm
e6a30062c8d8047473dad04ad489c3262828eb18 util-linux-debuginfo-2.13-0.54.1.fc7.x86_64.rpm
e463d60a90473d8d76dbd23e0557c91b12dbb77c util-linux-2.13-0.54.1.fc7.x86_64.rpm
86cdcf5c587ff53d897101ee157ddd626fd424fe util-linux-2.13-0.54.1.fc7.ppc.rpm
46b432df12c7f46cb49564dc06818c5fcc1c8aa0 util-linux-debuginfo-2.13-0.54.1.fc7.ppc.rpm
7f6962c44ca92c98c0a9b5b10355df7d50669b44 util-linux-2.13-0.54.1.fc7.src.rpm

This update can be installed with the yum update program. Use
su -c 'yum update util-linux'
at the command line. For more information, refer to Managing Software
with yum, available at http://docs.fedoraproject.org/yum/.

Solution: Apply the appropriate updates.

http://www.securityspace.com/smysecure/catid.html?in=FEDORA-2007-2462

Risk factor : High

CVSS Score:
6.9

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2007-5191
BugTraq ID: 25973
http://www.securityfocus.com/bid/25973
Bugtraq: 20080108 VMSA-2008-0001 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages (Google Search)
http://www.securityfocus.com/archive/1/485936/100/0/threaded
Bugtraq: 20080123 UPDATED VMSA-2008-0001.1 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages (Google Search)
http://www.securityfocus.com/archive/1/486859/100/0/threaded
Debian Security Information: DSA-1449 (Google Search)
http://www.debian.org/security/2008/dsa-1449
Debian Security Information: DSA-1450 (Google Search)
http://www.debian.org/security/2008/dsa-1450
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00144.html
http://security.gentoo.org/glsa/glsa-200710-18.xml
http://frontal2.mandriva.com/en/security/advisories?name=MDKSA-2007:198
http://lists.vmware.com/pipermail/security-announce/2008/000002.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10101
http://www.redhat.com/support/errata/RHSA-2007-0969.html
http://www.securitytracker.com/id?1018782
http://secunia.com/advisories/27104
http://secunia.com/advisories/27122
http://secunia.com/advisories/27145
http://secunia.com/advisories/27188
http://secunia.com/advisories/27283
http://secunia.com/advisories/27354
http://secunia.com/advisories/27399
http://secunia.com/advisories/27687
http://secunia.com/advisories/28348
http://secunia.com/advisories/28349
http://secunia.com/advisories/28368
http://secunia.com/advisories/28469
SuSE Security Announcement: SUSE-SR:2007:022 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00008.html
http://www.ubuntu.com/usn/usn-533-1
http://www.vupen.com/english/advisories/2007/3417
http://www.vupen.com/english/advisories/2008/0064
CopyrightCopyright (c) 2007 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.