CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

2914 matches found

OSV•added 2006/07/06 8:5 p.m.•11 views

CVE-2006-3378

passwd command in shadow in Ubuntu 5.04 through 6.06 LTS, when called with the -f, -g, or -s flag, does not check the return code of a setuid call, which might allow local users to gain root privileges if setuid fails in cases such as PAM failures or resource limits...

6.6AI score

Exploits0References7

OSV•added 2006/07/06 8:5 p.m.•3 views

DEBIAN-CVE-2006-3378

7.2CVSS7.2AI score0.00341EPSS

Exploits0References1

Ubuntu•added 2006/07/06 7:29 a.m.•41 views

USN-308-1: shadow vulnerability

Ilja van Sprundel discovered that passwd, when called with the -f, -g, or -s option, did not check the result of the setuid call. On systems that configure PAM limits for the maximum number of user processes, a local attacker could exploit this to execute chfn, gpasswd, or chsh with root...

7.2CVSS5.5AI score0.00341EPSS

Exploits0

securityvulns•added 2006/07/06 12:0 a.m.•39 views

Suid utilities (vixie-cron, shadow, ppp) user limits privilege escalation

setuid return code is not checked. It makes it possible to execute code with root privileges by exhausting user limits...

3.7AI score

Exploits0References3Affected Software3

securityvulns•added 2006/07/06 12:0 a.m.•43 views

[Full-disclosure] [USN-310-1] ppp vulnerability

=========================================================== Ubuntu Security Notice USN-310-1 July 05, 2006 ppp vulnerability CVE-2006-2194 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 5.10 Ubuntu 6.06 LTS This advisory...

7.2CVSS6.3AI score0.00398EPSS

Exploits1

securityvulns•added 2006/07/06 12:0 a.m.•38 views

[Full-disclosure] [USN-308-1] shadow vulnerability

=========================================================== Ubuntu Security Notice USN-308-1 July 05, 2006 shadow vulnerability =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 5.04 Ubuntu 5.10 Ubuntu 6.06 LTS This advisory...

Exploits0

UbuntuCve•added 2006/07/05 6:5 p.m.•26 views

CVE-2006-2194

The winbind plugin in pppd for ppp 2.4.4 and earlier does not check the return code from the setuid function call, which might allow local users to gain privileges by causing setuid to fail, such as exceeding PAM limits for the maximum number of user processes, which prevents the winbind NTLM...

7.2CVSS6AI score0.00398EPSS

Exploits1References2

NVD•added 2006/07/05 6:5 p.m.•17 views

CVE-2006-2194

7.2CVSS6.7AI score0.00398EPSS

Exploits1References9

OSV•added 2006/07/05 6:5 p.m.•4 views

CVE-2006-2194

6.7AI score

Exploits0References13

OSV•added 2006/07/05 6:5 p.m.•3 views

DEBIAN-CVE-2006-2194

7.2CVSS7.3AI score0.00398EPSS

Exploits1References1

Cvelist•added 2006/07/05 6:0 p.m.•31 views

CVE-2006-2194

6.6AI score0.00398EPSS

Exploits1References9

Gentoo Linux•added 2006/06/22 12:0 a.m.•38 views

aRts: Privilege escalation

Background aRts is a real time modular system for synthesizing audio used by KDE. artswrapper is a helper application used to start the aRts daemon. Description artswrapper fails to properly check whether it can drop privileges accordingly if setuid fails due to a user exceeding assigned resource...

7.8CVSS7.3AI score0.00385EPSS

Exploits0

NVD•added 2006/06/13 10:2 a.m.•16 views

CVE-2006-3005

The JPEG library in media-libs/jpeg before 6b-r7 on Gentoo Linux is built without the -maxmem feature, which could allow context-dependent attackers to cause a denial of service memory exhaustion via a crafted JPEG file that exceeds the intended memory limits...

5CVSS6.2AI score0.01863EPSS

Exploits0References5

Tenable Nessus•added 2006/06/11 12:0 a.m.•22 views

GLSA-200606-07 : Vixie Cron: Privilege Escalation

The remote host is affected by the vulnerability described in GLSA-200606-07 Vixie Cron: Privilege Escalation Roman Veretelnikov discovered that Vixie Cron fails to properly check whether it can drop privileges accordingly if setuid in docommand.c fails due to a user exceeding assigned resource...

7.2CVSS5.8AI score0.00565EPSS

Exploits1References2

Gentoo Linux•added 2006/06/09 12:0 a.m.•21 views

Vixie Cron: Privilege Escalation

Background Vixie Cron is a command scheduler with extended syntax over cron. Description Roman Veretelnikov discovered that Vixie Cron fails to properly check whether it can drop privileges accordingly if setuid in docommand.c fails due to a user exceeding assigned resource limits. Impact Local...

7.2CVSS6.9AI score0.00565EPSS

Exploits1

NVD•added 2006/05/25 8:2 p.m.•16 views

CVE-2006-2607

docommand.c in Vixie cron vixie-cron 4.1 does not check the return code of a setuid call, which might allow local users to gain root privileges if setuid fails in cases such as PAM failures or resource limits, as originally demonstrated by a program that exceeds the process limits as defined in...

7.2CVSS6.4AI score0.00565EPSS

Exploits1References19