102 matches found
NewStart CGSL MAIN 6.06 (SP) : cracklib Vulnerability (NS-SA-2026-0019)
The remote NewStart CGSL host, running version MAIN 6.06 SP, has cracklib packages installed that are affected by a vulnerability: - Stack-based buffer overflow in the FascistGecosUser function in lib/fascist.c in cracklib allows local users to cause a denial of service (application crash) or gain...
EUVD-2021-27274
Malware in sbrugna...
EUVD-2005-3502
Malware in sbrugna...
EUVD-1999-0131
Malware in sbrugna...
EUVD-1999-0690
Malware in sbrugna...
EUVD-2007-4293
Malware in sbrugna...
EUVD-1999-1121
Malware in sbrugna...
EUVD-1999-0882
Malware in sbrugna...
EUVD-2011-0735
Malware in sbrugna...
EUVD-2005-0118
Malware in sbrugna...
EUVD-2016-7245
Malware in sbrugna...
ypserv allows a local user to modify the GECOS and login shells of other users.
...
CVE-1999-0708
Buffer overflow in cfingerd allows local users to gain root privileges via a long GECOS field...
RHEL 6 : cracklib (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - cracklib: Stack-based buffer overflow when parsing large GECOS field (CVE-2016-6318) Note that Nessus has not tested...
SUSE CVE-2015-3245
Incomplete blacklist vulnerability in the chfn function in libuser before 0.56.13-8 and 0.60 before 0.60-7, as used in the userhelper program in the usermode package, allows local users to cause a denial of service (/etc/passwd corruption) via a newline character in the GECOS field...
Debian: Security Advisory (DLA-599-1)
The remote host is missing an update for the Debian...
SUSE CVE-2005-3503
chfn in pwdutils 3.0.4 and earlier on SuSE Linux, and possibly other operating systems, does not properly check arguments for the GECOS field, which allows local users to gain privileges...
SUSE CVE-2007-2683
Buffer overflow in Mutt 1.4.2 might allow local users to execute arbitrary code via "&" characters in the GECOS field, which triggers the overflow during alias expansion...
SUSE CVE-2016-6318
Stack-based buffer overflow in the FascistGecosUser function in lib/fascist.c in cracklib allows local users to cause a denial of service (application crash) or gain privileges via a long GECOS field, involving longbuffer...
Remote Code Execution (RCE)
opensysusers is vulnerable to denial of service. It does not safely use eval on files in sysusers.d that may contain shell metacharacters. For example, it allows command execution via a crafted GECOS field, whereas systemd-sysusers (a program with the same specification) does not do that...