Headline
CVE-2022-0563: [ANNOUNCE] util-linux v2.37.4
A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an “INPUTRC” environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4.
* [ANNOUNCE] util-linux v2.37.4 @ 2022-02-14 11:06 Karel Zak 0 siblings, 0 replies; only message in thread From: Karel Zak @ 2022-02-14 11:06 UTC (permalink / raw) To: linux-kernel, linux-fsdevel, util-linux
The util-linux release v2.37.4 is available at
http://www.kernel.org/pub/linux/utils/util-linux/v2.37/
Feedback and bug reports, as always, are welcomed.
This release fixes security issue in chsh(1) and chfn(8) when util-linux compiled with libreadline.
CVE-2022-0563
The readline library uses INPUTRC= environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file.
Unfortunately, the library does not use secure_getenv() (or a similar concept), or sanitize the config file path to avoid vulnerabilities that could occur if set-user-ID or set-group-ID programs.
Note, this vulnerability has been reproduced on chfn(8), but this command requires enabled CHFN_RESTRICT setting in /etc/login.defs. This setting may be disabled by default.
– Karel Zak [email protected] http://karelzak.blogspot.com
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2022-02-14 11:28 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed) – links below jump to the message on this page – 2022-02-14 11:06 [ANNOUNCE] util-linux v2.37.4 Karel Zak
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).
Related news
Gentoo Linux Security Advisory 202401-8 - Multiple vulnerabilities have been discovered in util-linux which can lead to denial of service or information disclosure. Versions greater than or equal to 2.37.4 are affected.
Dell Streaming Data Platform prior to 1.4 contains Open Redirect vulnerability. An attacker with privileges same as a legitimate user can phish the legitimate the user to redirect to malicious website leading to information disclosure and launch of phishing attacks.
Hello everyone! Great news for my open source Scanvus project! You can now perform vulnerability checks on Linux hosts and docker images not only using the Vulners.com API, but also with the Vulns.io VM API. It’s especially nice that all the code to support the new API was written and contributed by colleagues from Vulns.io. […]