Open Source

Local util-linux vulnerability reported

A vulnerability affected the util-linux package have been reported on Secunai. It can potentially be exploited by malicious local users to perform certain actions with escalated privileges.

A vulnerability affecting the util-linux package has been reported on Secunia. It can potentially be exploited by malicious local users to perform certain actions with escalated privileges.

Util-linux is a suite of essential utilities that can be found in many Linux systems. While not particularly serious, especially for privately maintained servers, there might be repercussions for hosting companies that allow shell access.

Excerpt from Secunia:

The vulnerability is caused due to the mount and umount programs incorrectly checking the return values of the "setuid()" and "setgid()" functions when dropping privileges. This can potentially be exploited to perform certain actions with escalated privileges via e.g. the mount.nfs utility.

The report has been filed for version 2.12r of util-linux. Other versions may also be affected.

About Paul Mah

Paul Mah is a writer and blogger who lives in Singapore, where he has worked for a number of years in various capacities within the IT industry. Paul enjoys tinkering with tech gadgets, smartphones, and networking devices.

Editor's Picks

Free Newsletters, In your Inbox