1184 matches found
util-linux umount privilege escalation
New util-linux packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, and -current to fix a security issue with umount. A bug in the '-r' option could allow flags in /etc/fstab to be improperly dropped on user-mountable volumes, allowing a user to gain root privileges. For more details,...
CVE-2001-1494
CVE-2001-1494 affects util-linux (and mount) prior to versions updated in RHSA-2005:782. The issue is a hardlink-based flaw in the script command: a local attacker can create a hardlink named typescript in a writable directory, and when the script command is run by root, the attacker’s file can b...
CVE-2001-1494
script command in the util-linux package before 2.11n allows local users to overwrite arbitrary files by setting a hardlink from the typescript log file to any file on the system, then having root execute the script command...
CVE-2001-1494
script command in the util-linux package before 2.11n allows local users to overwrite arbitrary files by setting a hardlink from the typescript log file to any file on the system, then having root execute the script command...
CVE-2004-0080
The login program in util-linux 2.11 and earlier uses a pointer after it has been freed and reallocated, which could cause login to leak sensitive data...
CVE-2003-0094
CVE-2003-0094 affects Mandrake Linux 8.2/9.0 util-linux mcookie. The patch changed the entropy source from /dev/random to /dev/urandom, making mcookie output more predictable and potentially aiding certain attacks. The Nessus advisory notes the patch was removed in these updates, restoring a bett...
CVE-2004-0080
The CVE-2004-0080 issue affects util-linux login (v2.11 and earlier) where a pointer after free is used, enabling potential leakage of sensitive data. Public references in the connected documents confirm an information-leak vulnerability in login and identify affected package families (util-linux...
GLSA-200404-06 : Util-linux login may leak sensitive data
The remote host is affected by the vulnerability described in GLSA-200404-06 Util-linux login may leak sensitive data In some situations the login program could leak sensitive data due to an incorrect usage of a reallocated pointer. NOTE: Only users who have PAM support disabled on their systems...
Mandrake Linux Security Advisory : util-linux (MDKSA-2003:016)
The util-linux package provides the mcookie utility, a tool for generating random cookies that can be used for X authentication. The util-linux packages that were distributed with Mandrake Linux 8.2 and 9.0 had a patch that made it use /dev/urandom instead of /dev/random, which resulted in the...
Mandrake Linux Security Advisory : util-linux (MDKSA-2002:047)
Michal Zalewski found a vulnerability in the util-linux package with the chfn utility. This utility allows users to modify some information in the /etc/passwd file, and is installed setuid root. Using a carefully crafted attack sequence, an attacker can exploit a complex file locking and...
Mandrake Linux Security Advisory : util-linux (MDKSA-2001:084)
Tarhon-Onu Victor found a problem in /bin/login's PAM implementation. It stored the value of a static pwent buffer across PAM calls, and when used with some PAM modules in non-default configurations ie. using pamlimits, it would overwrite the buffer and cause the user to get the credentials of...
RHEL 2.1 : util-linux (RHSA-2002:137)
The util-linux package shipped with Red Hat Linux Advanced Server contains a locally exploitable vulnerability. The util-linux package contains a large variety of low-level system utilities that are necessary for a Linux system to function. The 'chfn' utility included in this package allows users...
RHEL 2.1 : util-linux (RHSA-2004:056)
Updated util-linux packages that fix an information leak in the login program are now available. The util-linux package contains a large variety of low-level system utilities that are necessary for a Linux system to function. In some situations, the login program could use a pointer that had been...
Util-linux login may leak sensitive data
Background Util-linux is a suite of essential system utilites, including login, agetty, fdisk. Description In some situations the login program could leak sensitive data due to an incorrect usage of a reallocated pointer. NOTE: Only users who have PAM support disabled on their systems i.e. -PAM i...
util-linux login program discloses sensitive information
Overview util-linux login program uses a pointer that was previously freed and reallocated which could allow an attacker to gain access to sensitive information. Description util-linux is shipped with Red Hat and numerous other Linux distributions. It contains a collection of utility programs, su...
CVE-2004-0080
The login program in util-linux 2.11 and earlier uses a pointer after it has been freed and reallocated, which could cause login to leak sensitive data...
Moderate: Red Hat Security Advisory: util-linux security update
Updated util-linux packages that fix an information leak in the login program are now available. The util-linux package contains a large variety of low-level system utilities that are necessary for a Linux system to function. In some situations, the login program could use a pointer that had been...
CVE-2002-0638
setpwnam.c in the util-linux package, as included in Red Hat Linux 7.3 and earlier, and other operating systems, does not properly lock a temporary file when modifying /etc/passwd, which may allow local users to gain privileges via a complex race condition that uses an open file descriptor in...
CVE-2002-0638
CVE-2002-0638 concerns the util-linux package’s login utilities (notably setpwnam.c used by chfn/chsh). The advisory describes a race condition caused by inadequate locking of a temporary file used when modifying /etc/passwd, enabling a local attacker to escalate privileges. The issue affects Red...
CVE-2003-0094
A patch for mcookie in the util-linux package for Mandrake Linux 8.2 and 9.0 uses /dev/urandom instead of /dev/random, which causes mcookie to use an entropy source that is more predictable than expected, which may make it easier for certain types of attacks to succeed...