Overview
util-linux login program uses a pointer that was previously freed and reallocated which could allow an attacker to gain access to sensitive information.
Description
util-linux is shipped with Red Hat and numerous other Linux distributions. It contains a collection of utility programs, such as fstab, mkfs, chfn, and login. There is a vulnerability in the way the login program uses a pointer that was previously freed and reallocated resulting in an information leak. This could be used by an attacker to gain access to sensitive information. |
Impact
An attacker may be able to gain access to sensitive information. |
Solution
Apply Patch Apply a patch from your vendor. |
Vendor Information
CVSS Metrics
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
References
Acknowledgements
Red Hat credits Matthew Lee for reporting this vulnerability.
This document was written by Damon Morda.
Other Information
CVE IDs: | CVE-2004-0080 |
Severity Metric: | 1.40 |
Date Public: | 2004-02-03 |
Date First Published: | 2004-03-23 |
Date Last Updated: | 2004-03-23 14:51 UTC |
Document Revision: | 7 |