A vulnerability affecting the util-linux package has been reported on Secunia. It can potentially be exploited by malicious local users to perform certain actions with escalated privileges.
Util-linux is a suite of essential utilities that can be found in many Linux systems. While not particularly serious, especially for privately maintained servers, there might be repercussions for hosting companies that allow shell access.
The vulnerability is caused by the mount and umount programs incorrectly checking the return values of the setuid() and setgid() functions when dropping privileges. If one of these calls fails and the failure goes unnoticed, the program continues with the privileges it was meant to give up, which can potentially be exploited to perform certain actions with escalated privileges via, for example, the mount.nfs utility.
The report has been filed for version 2.12r of util-linux. Other versions may also be affected.
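The class of bug described above, shown as an added C example (it is not util-linux code): a privilege drop that ignores the return values next to one that checks and verifies them. The function names and the `failing_setuid` stub are hypothetical, constructed so the failure path can be demonstrated without root.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Same signatures as setgid(2)/setuid(2), so a failing call can be injected. */
typedef int (*gid_setter)(gid_t);
typedef int (*uid_setter)(uid_t);

/* Constructed stub: a setuid() that fails, as the real call can (e.g. EAGAIN). */
static int failing_setuid(uid_t uid) { (void)uid; errno = EAGAIN; return -1; }

/* Flawed pattern: return values ignored, so the caller always sees "success"
 * and carries on with whatever IDs the process still has. */
static int drop_unchecked(uid_t uid, gid_t gid, gid_setter sg, uid_setter su)
{
    sg(gid);
    su(uid);
    return 0;
}

/* Checked pattern: group before user (after setuid() the process may no longer
 * be allowed to change its GID), every call checked, result verified. */
static int drop_checked(uid_t uid, gid_t gid, gid_setter sg, uid_setter su)
{
    if (sg(gid) != 0) return -1;
    if (su(uid) != 0) return -1;
    if (getgid() != gid || getegid() != gid) return -1;
    if (getuid() != uid || geteuid() != uid) return -1;
    return 0;
}

int main(void)
{
    uid_t uid = getuid();   /* target: the invoking user's real IDs */
    gid_t gid = getgid();

    printf("unchecked, setuid fails: %d\n", drop_unchecked(uid, gid, setgid, failing_setuid));
    printf("checked,   setuid fails: %d\n", drop_checked(uid, gid, setgid, failing_setuid));
    if (drop_checked(uid, gid, setgid, setuid) != 0) {
        perror("dropping privileges");
        return 1;               /* fail closed: never continue with stale IDs */
    }
    puts("privileges dropped and verified");
    return 0;
}
```

A setuid-root helper should treat any non-zero result from the checked version as fatal and exit before doing further work.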
Paul Mah is a writer and blogger who lives in Singapore, where he has worked for a number of years in various capacities within the IT industry. Paul enjoys tinkering with tech gadgets, smartphones, and networking devices.