Notified: June 26, 2002 Updated: July 10, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: June 26, 2002 Updated: July 24, 2002
Not Affected
In relation to this CERT advisory on security vulnerabilities in util-linux, Alcatel has conducted an immediate assessment to determine any impact this may have on our portfolio. An initial analysis has shown that none of our products is affected when used as delivered to customers. The security of our customers' networks is of highest priority for Alcatel. Therefore, investigations are going on and updates will be provided if necessary. Customers may contact their Alcatel support representative for more details.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: June 26, 2002 Updated: July 10, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: June 26, 2002 Updated: June 28, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: June 26, 2002 Updated: July 10, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: June 26, 2002 Updated: June 28, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: June 26, 2002 Updated: July 10, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: June 26, 2002 Updated: July 10, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: June 26, 2002 Updated: July 10, 2002
Not Affected
Cray, Inc. is not vulnerable to this problem because chfn is not accessible to any users of our products.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: June 26, 2002 Updated: July 10, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: June 26, 2002 Updated: June 27, 2002
Not Affected
Debian does not ship any of the util-linux login-utils tools; instead we use the corresponding tools from the 'shadow' package, which use a different locking technique.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: June 26, 2002 Updated: June 28, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: June 26, 2002 Updated: July 10, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: June 26, 2002 Updated: June 28, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: June 26, 2002 Updated: July 10, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: June 26, 2002 Updated: June 27, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: June 26, 2002 Updated: July 17, 2002
Not Affected
IBM's AIX operating system is not vulnerable to the above issues. While IBM does supply open source packages for AIX through the AIX Toolbox for Linux Applications, the util-linux package is not one of them.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: June 26, 2002 Updated: June 28, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: June 26, 2002 Updated: June 28, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: June 26, 2002 Updated: July 10, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: June 26, 2002 Updated: July 11, 2002
Not Affected
Lotus does not ship any Linux distributions.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: June 26, 2002 Updated: June 27, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: June 26, 2002 Updated: June 28, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: June 26, 2002 Updated: July 12, 2002
Not Affected
This vulnerability does not affect us.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: June 26, 2002 Updated: July 10, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: June 26, 2002 Updated: June 28, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: June 26, 2002 Updated: July 12, 2002
Not Affected
NetBSD is not affected by this issue. Password locking functions in NetBSD are provided by libutil. The lock file has been opened O_EXCL in libutil since at least May, 1996 - we did not check further back, since that covers NetBSD 1.2 and later.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: June 26, 2002 Updated: June 28, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: June 26, 2002 Updated: July 10, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: June 26, 2002 Updated: June 28, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Updated: August 15, 2002
Not Affected
Openwall GNU/*/Linux (Owl) is not vulnerable. We're using a version of chfn(1) utility from the shadow suite (with our modifications) rather than one from util-linux. This decision was made during Owl development specifically to ensure compatible password file locking across the system as a whole. Additionally, on Owl, chfn(1) isn't available to regular users by default, although that is a supported owl-control setting.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: June 26, 2002 Updated: June 28, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: June 26, 2002 Updated: July 10, 2002
Affected
Red Hat distributes the util-linux package in all Red Hat Linux distributions. Updated packages containing a fix for this vulnerability will be available along with our advisory at the URL below. At the same time users of the Red Hat Network will be able to update their systems using the 'up2date' tool. http://rhn.redhat.com/errata/RHSA-2002-132.html
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: June 26, 2002 Updated: June 28, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: June 26, 2002 Updated: July 10, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: June 26, 2002 Updated: June 28, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: June 26, 2002 Updated: July 17, 2002
Affected
This issue affects the following Sun Cobalt platforms: Sun Cobalt RaQ Sun Cobalt RaQ 2 Sun Cobalt RaQ 3 Sun Cobalt RaQ 4 Sun Cobalt RaQ 550 Sun Cobalt RaQ XTR Sun Cobalt Cache RaQ series Sun Cobalt Qube Sun Cobalt Qube 2 Sun Cobalt Qube 3 Sun Cobalt Control Station Sun Cobalt are generating patches for this issue presently which will be available for download from: http://sunsolve.sun.com/patches/cobalt A SunAlert will be published which details the issue and the patch information which will be available from: http://sunsolve.sun.com/
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: June 26, 2002 Updated: July 15, 2002
Not Affected
SuSE Linux is not vulnerable to this issue, as we do no use the passwd utility from util-linux. Instead, we are using the ones from the shadow or pwdutils suite, which properly opens the file with O_EXCL (in addition to using lockpwdf).
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: June 26, 2002 Updated: October 30, 2002
Affected
Caldera OpenLinux is vulnerable to this race condition, and we are preparing a fix.
The vendor has not provided us with any further information regarding this vulnerability.
Please also see ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2002-043.0.txt.
Notified: June 26, 2002 Updated: June 28, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: June 26, 2002 Updated: July 10, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: June 26, 2002 Updated: July 10, 2002
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: June 26, 2002 Updated: May 30, 2003
Not Affected
A response to this vulnerability is available from our web site: http://www.xerox.com/security
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.