70 matches found
NewStart CGSL MAIN 6.06 (SP) : cracklib Vulnerability (NS-SA-2026-0019)
The remote NewStart CGSL host, running version MAIN 6.06 SP, has cracklib packages installed that are affected by a vulnerability: - Stack-based buffer overflow in the FascistGecosUser function in lib/fascist.c in cracklib allows local users to cause a denial of service (application crash) or gain...
EUVD-2021-27274
Malware in sbrugna...
EUVD-2005-3502
Malware in sbrugna...
EUVD-1999-0131
Malware in sbrugna...
EUVD-1999-0690
Malware in sbrugna...
EUVD-2011-0735
Malware in sbrugna...
EUVD-1999-1121
Malware in sbrugna...
EUVD-2016-7245
Malware in sbrugna...
EUVD-2005-0118
Malware in sbrugna...
ypserv allows a local user to modify the GECOS and login shells of other users.
...
CVE-1999-0708
Buffer overflow in cfingerd allows local users to gain root privileges via a long GECOS field...
RHEL 6 : cracklib (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - cracklib: Stack-based buffer overflow when parsing large GECOS field (CVE-2016-6318) Note that Nessus has not tested...
SUSE CVE-2005-3503
chfn in pwdutils 3.0.4 and earlier on SuSE Linux, and possibly other operating systems, does not properly check arguments for the GECOS field, which allows local users to gain privileges...
SUSE CVE-2007-2683
Buffer overflow in Mutt 1.4.2 might allow local users to execute arbitrary code via "&" characters in the GECOS field, which triggers the overflow during alias expansion...
SUSE CVE-2016-6318
Stack-based buffer overflow in the FascistGecosUser function in lib/fascist.c in cracklib allows local users to cause a denial of service (application crash) or gain privileges via a long GECOS field, involving longbuffer...
Remote Code Execution (RCE)
opensysusers is vulnerable to denial of service. It does not safely use eval on files in sysusers.d that may contain shell metacharacters. For example, it allows command execution via a crafted GECOS field whereas systemd-sysusers (a program with the same specification) does not do that...
CVE-2021-40084
opensysusers through 0.6 does not safely use eval on files in sysusers.d that may contain shell metacharacters. For example, it allows command execution via a crafted GECOS field whereas systemd-sysusers (a program with the same specification) does not do that...
DEBIAN-CVE-2021-40084
opensysusers through 0.6 does not safely use eval on files in sysusers.d that may contain shell metacharacters. For example, it allows command execution via a crafted GECOS field whereas systemd-sysusers (a program with the same specification) does not do that...
Command injection
opensysusers through 0.6 does not safely use eval on files in sysusers.d that may contain shell metacharacters. For example, it allows command execution via a crafted GECOS field whereas systemd-sysusers (a program with the same specification) does not do that...
UBUNTU-CVE-2021-40084
opensysusers through 0.6 does not safely use eval on files in sysusers.d that may contain shell metacharacters. For example, it allows command execution via a crafted GECOS field whereas systemd-sysusers (a program with the same specification) does not do that...