Util-linux File Locking Race Condition Vulnerability

The util-linux package is a set of commonly used system utilities such as 'chfn' and 'chsh'. It is included with many Linux distributions.

A race condition has been reported in code shared by the util-linux utilities. The condition is related to file locking. Failure to check for the existence of a lockfile prior to sensitive operations may, under specific circumstances, open a window of opportunity for attack. The util-linux utilities often write to sensitive files such as /etc/passwd/. Attackers may exploit the condition to inject arbitrary data into these files to elevate privileges.

The reported attacks are complex, time dependent and require specific circumstances such as system administrator interaction and a large passwd file.

Red Hat Linux is known to ship with util-linux as a core component. Other distributions, those that are derived from Red Hat in particular, may also be vulnerable.

It should be noted that the utilities included with the shadow-utils package (shipped with SuSE Linux) are not vulnerable.


Privacy Statement
Copyright 2010, SecurityFocus