security flaw

login in util-linux-2.12a skips pamacctmgmt and chauthtok when authentication is skipped, such as when a Kerberos krlogin session has been established, which might allow users to bypass intended access policies that would be enforced by pamacctmgmt and chauthtok...

Low: Red Hat Security Advisory: util-linux security and bug fix update

An updated util-linux package that corrects a security issue and fixes several bugs is now available. This update has been rated as having low security impact by the Red Hat Security Response Team. The util-linux package contains a collection of basic system utilities. A flaw was found in the way...

Mandrake Linux Security Advisory : util-linux (MDKSA-2007:053)

Umount allows local users to trigger a NULL dereference and application crash by invoking the program with a pathname for a USB pen drive that was mounted and then physically removed, which might allow the users to obtain sensitive information, including core file contents. Updated packages have...

CVE-2006-7108

login in util-linux-2.12a skips pamacctmgmt and chauthtok when authentication is skipped, such as when a Kerberos krlogin session has been established, which might allow users to bypass intended access policies that would be enforced by pamacctmgmt and chauthtok...

CVE-2006-7108

login in util-linux-2.12a skips pamacctmgmt and chauthtok when authentication is skipped, such as when a Kerberos krlogin session has been established, which might allow users to bypass intended access policies that would be enforced by pamacctmgmt and chauthtok...

DEBIAN-CVE-2006-7108

login in util-linux-2.12a skips pamacctmgmt and chauthtok when authentication is skipped, such as when a Kerberos krlogin session has been established, which might allow users to bypass intended access policies that would be enforced by pamacctmgmt and chauthtok...

CVE-2006-7108

login in util-linux-2.12a skips pamacctmgmt and chauthtok when authentication is skipped, such as when a Kerberos krlogin session has been established, which might allow users to bypass intended access policies that would be enforced by pamacctmgmt and chauthtok...

CVE-2006-7108

login in util-linux-2.12a skips pamacctmgmt and chauthtok when authentication is skipped, such as when a Kerberos krlogin session has been established, which might allow users to bypass intended access policies that would be enforced by pamacctmgmt and chauthtok...

CVE-2006-7108

login in util-linux-2.12a skips pamacctmgmt and chauthtok when authentication is skipped, such as when a Kerberos krlogin session has been established, which might allow users to bypass intended access policies that would be enforced by pamacctmgmt and chauthtok...

CVE-2006-7108

CVE-2006-7108 relates to util-linux (2.12a and later) where the login path can bypass authentication checks by skipping pam_acct_mgmt and pam_chauthtok when authentication is skipped (for example after Kerberos krlogin). Public advisories (RHSA-2007:0235, MDKSA-2007:111, CESA-2007:0235) describe ...

CentOS 3 / 4 : util-linux / mount (CESA-2005:782)

Updated util-linux and mount packages that fix two security issues are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The util-linux package contains a large variety of low-level system utilities that are necessary for a Linux...

Ubuntu 4.10 / 5.04 : util-linux vulnerability (USN-184-1)

David Watson discovered that 'umount -r' removed some restrictive mount options like the 'nosuid' flag. If /etc/fstab contains user-mountable removable devices which specify the 'nosuid' flag which is common practice for such devices, a local attacker could exploit this to execute arbitrary...

RHEL 4 : util-linux and mount (RHSA-2005:782)

The remote Redhat Enterprise Linux 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2005:782 advisory. The util-linux package contains a large variety of low-level system utilities that are necessary for a Linux system to function. The mount...

losetup, mount, util security update

CentOS Errata and Security Advisory CESA-2005:782-01 Updated util-linux and mount packages that fix two security issues are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The util-linux package contains a large variety of...

losetup, mount, util security update

CentOS Errata and Security Advisory CESA-2005:782 Updated util-linux and mount packages that fix two security issues are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The util-linux package contains a large variety of low-level...

Moderate: Red Hat Security Advisory: util-linux and mount security update

Updated util-linux and mount packages that fix two security issues are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The util-linux package contains a large variety of low-level system utilities that are necessary for a Linux...

security flaw

umount in util-linux 2.8 to 2.12q, 2.13-pre1, and 2.13-pre2, and other packages such as loop-aes-utils, allows local users with unmount permissions to gain privileges via the -r remount option, which causes the file system to be remounted with just the read-only flag, which effectively clears the...

security flaw

script command in the util-linux package before 2.11n allows local users to overwrite arbitrary files by setting a hardlink from the typescript log file to any file on the system, then having root execute the script command...

Mandrake Linux Security Advisory : util-linux (MDKSA-2005:167)

David Watson disovered that the umount utility, when using the '-r' cpmmand, could remove some restrictive mount options such as 'nosuid'. IF /etc/fstab contained user-mountable removable devices that specified nosuid, a local attacker could exploit this flaw to execute arbitrary programs with ro...

Slackware 10.0 / 10.1 / 8.1 / 9.0 / 9.1 / current : util-linux umount privilege escalation (SSA:2005-255-02)

New util-linux packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, and -current to fix a security issue with umount. A bug in the '-r' option could allow flags in /etc/fstab to be improperly dropped on user-mountable volumes, allowing a user to gain root privileges. %NASLMINLEVEL 7030...