Lucene search
K

1184 matches found

Slackware Linux
Slackware Linux
added 2005/09/13 12:50 a.m.24 views

util-linux umount privilege escalation

New util-linux packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, and -current to fix a security issue with umount. A bug in the '-r' option could allow flags in /etc/fstab to be improperly dropped on user-mountable volumes, allowing a user to gain root privileges. For more details,...

7.1AI score
Exploits0
CVE
CVE
added 2005/06/21 4:0 a.m.75 views

CVE-2001-1494

CVE-2001-1494 affects util-linux (and mount) prior to versions updated in RHSA-2005:782. The issue is a hardlink-based flaw in the script command: a local attacker can create a hardlink named typescript in a writable directory, and when the script command is run by root, the attacker’s file can b...

5.5CVSS5.6AI score0.00433EPSS
Exploits0References9Affected Software1
Debian CVE
Debian CVE
added 2005/06/21 4:0 a.m.24 views

CVE-2001-1494

script command in the util-linux package before 2.11n allows local users to overwrite arbitrary files by setting a hardlink from the typescript log file to any file on the system, then having root execute the script command...

5.5CVSS4.2AI score0.00433EPSS
Exploits0
Cvelist
Cvelist
added 2005/06/21 4:0 a.m.25 views

CVE-2001-1494

script command in the util-linux package before 2.11n allows local users to overwrite arbitrary files by setting a hardlink from the typescript log file to any file on the system, then having root execute the script command...

5.6AI score0.00433EPSS
Exploits0References9
Cvelist
Cvelist
added 2004/09/01 4:0 a.m.25 views

CVE-2004-0080

The login program in util-linux 2.11 and earlier uses a pointer after it has been freed and reallocated, which could cause login to leak sensitive data...

6.1AI score0.03332EPSS
Exploits0References11
CVE
CVE
added 2004/09/01 4:0 a.m.62 views

CVE-2003-0094

CVE-2003-0094 affects Mandrake Linux 8.2/9.0 util-linux mcookie. The patch changed the entropy source from /dev/random to /dev/urandom, making mcookie output more predictable and potentially aiding certain attacks. The Nessus advisory notes the patch was removed in these updates, restoring a bett...

5CVSS6.5AI score0.0155EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2004/09/01 4:0 a.m.76 views

CVE-2004-0080

The CVE-2004-0080 issue affects util-linux login (v2.11 and earlier) where a pointer after free is used, enabling potential leakage of sensitive data. Public references in the connected documents confirm an information-leak vulnerability in login and identify affected package families (util-linux...

5CVSS6.1AI score0.03332EPSS
Exploits0References11Affected Software1
Tenable Nessus
Tenable Nessus
added 2004/08/30 12:0 a.m.19 views

GLSA-200404-06 : Util-linux login may leak sensitive data

The remote host is affected by the vulnerability described in GLSA-200404-06 Util-linux login may leak sensitive data In some situations the login program could leak sensitive data due to an incorrect usage of a reallocated pointer. NOTE: Only users who have PAM support disabled on their systems...

5CVSS5.6AI score0.03332EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2004/07/31 12:0 a.m.19 views

Mandrake Linux Security Advisory : util-linux (MDKSA-2003:016)

The util-linux package provides the mcookie utility, a tool for generating random cookies that can be used for X authentication. The util-linux packages that were distributed with Mandrake Linux 8.2 and 9.0 had a patch that made it use /dev/urandom instead of /dev/random, which resulted in the...

5CVSS5.4AI score0.0155EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2004/07/31 12:0 a.m.30 views

Mandrake Linux Security Advisory : util-linux (MDKSA-2002:047)

Michal Zalewski found a vulnerability in the util-linux package with the chfn utility. This utility allows users to modify some information in the /etc/passwd file, and is installed setuid root. Using a carefully crafted attack sequence, an attacker can exploit a complex file locking and...

6.2CVSS5.5AI score0.00529EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2004/07/31 12:0 a.m.21 views

Mandrake Linux Security Advisory : util-linux (MDKSA-2001:084)

Tarhon-Onu Victor found a problem in /bin/login's PAM implementation. It stored the value of a static pwent buffer across PAM calls, and when used with some PAM modules in non-default configurations ie. using pamlimits, it would overwrite the buffer and cause the user to get the credentials of...

7.2CVSS5.6AI score0.00434EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2004/07/06 12:0 a.m.28 views

RHEL 2.1 : util-linux (RHSA-2002:137)

The util-linux package shipped with Red Hat Linux Advanced Server contains a locally exploitable vulnerability. The util-linux package contains a large variety of low-level system utilities that are necessary for a Linux system to function. The 'chfn' utility included in this package allows users...

6.2CVSS5.5AI score0.00529EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2004/07/06 12:0 a.m.29 views

RHEL 2.1 : util-linux (RHSA-2004:056)

Updated util-linux packages that fix an information leak in the login program are now available. The util-linux package contains a large variety of low-level system utilities that are necessary for a Linux system to function. In some situations, the login program could use a pointer that had been...

5CVSS5.4AI score0.03332EPSS
Exploits0References3
Gentoo Linux
Gentoo Linux
added 2004/04/07 12:0 a.m.41 views

Util-linux login may leak sensitive data

Background Util-linux is a suite of essential system utilites, including login, agetty, fdisk. Description In some situations the login program could leak sensitive data due to an incorrect usage of a reallocated pointer. NOTE: Only users who have PAM support disabled on their systems i.e. -PAM i...

5CVSS6.2AI score0.03332EPSS
Exploits0
CERT
CERT
added 2004/03/23 12:0 a.m.32 views

util-linux login program discloses sensitive information

Overview util-linux login program uses a pointer that was previously freed and reallocated which could allow an attacker to gain access to sensitive information. Description util-linux is shipped with Red Hat and numerous other Linux distributions. It contains a collection of utility programs, su...

5CVSS6AI score0.03332EPSS
Exploits0References3
NVD
NVD
added 2004/03/03 5:0 a.m.21 views

CVE-2004-0080

The login program in util-linux 2.11 and earlier uses a pointer after it has been freed and reallocated, which could cause login to leak sensitive data...

5CVSS6.2AI score0.03332EPSS
Exploits0References11
RedHat Linux
RedHat Linux
added 2004/02/03 8:26 a.m.22 views

Moderate: Red Hat Security Advisory: util-linux security update

Updated util-linux packages that fix an information leak in the login program are now available. The util-linux package contains a large variety of low-level system utilities that are necessary for a Linux system to function. In some situations, the login program could use a pointer that had been...

5CVSS5.8AI score0.03332EPSS
Exploits0References2
Cvelist
Cvelist
added 2003/04/02 5:0 a.m.24 views

CVE-2002-0638

setpwnam.c in the util-linux package, as included in Red Hat Linux 7.3 and earlier, and other operating systems, does not properly lock a temporary file when modifying /etc/passwd, which may allow local users to gain privileges via a complex race condition that uses an open file descriptor in...

6.3AI score0.00529EPSS
Exploits0References13
CVE
CVE
added 2003/04/02 5:0 a.m.78 views

CVE-2002-0638

CVE-2002-0638 concerns the util-linux package’s login utilities (notably setpwnam.c used by chfn/chsh). The advisory describes a race condition caused by inadequate locking of a temporary file used when modifying /etc/passwd, enabling a local attacker to escalate privileges. The issue affects Red...

6.2CVSS6.4AI score0.00529EPSS
Exploits0References13Affected Software1
NVD
NVD
added 2003/03/03 5:0 a.m.14 views

CVE-2003-0094

A patch for mcookie in the util-linux package for Mandrake Linux 8.2 and 9.0 uses /dev/urandom instead of /dev/random, which causes mcookie to use an entropy source that is more predictable than expected, which may make it easier for certain types of attacks to succeed...

5CVSS6.5AI score0.0155EPSS
Exploits0References3
Rows per page
Query Builder