17 matches found
CVE-2026-35368
A flaw was found in uutils coreutils. The chroot utility, when used with the --userspec option, resolves user specifications after entering a restricted environment chroot but before relinquishing root privileges. This can cause the Name Service Switch NSS, a system for resolving system...
GHSA-MH5C-XRMH-M794 uutils coreutils has an Untrusted Search Path
A vulnerability exists in the chroot utility of uutils coreutils when using the --userspec option. The utility resolves the user specification via getpwnam after entering the chroot but before dropping root privileges. On glibc-based systems, this can trigger the Name Service Switch NSS to load...
EUVD-2026-25016
A vulnerability exists in the chroot utility of uutils coreutils when using the --userspec option. The utility resolves the user specification via getpwnam after entering the chroot but before dropping root privileges. On glibc-based systems, this can trigger the Name Service Switch NSS to load...
CVE-2026-35368
A vulnerability exists in the chroot utility of uutils coreutils when using the --userspec option. The utility resolves the user specification via getpwnam after entering the chroot but before dropping root privileges. On glibc-based systems, this can trigger the Name Service Switch NSS to load...
CVE-2026-35368
A vulnerability exists in the chroot utility of uutils coreutils when using the --userspec option. The utility resolves the user specification via getpwnam after entering the chroot but before dropping root privileges. On glibc-based systems, this can trigger the Name Service Switch NSS to load...
CVE-2026-35368
CVE-2026-35368 describes a local privilege-escalation in the chroot utility of the uutils coreutils when using the --userspec option. The issue arises because the utility resolves the user via getpwnam() after entering the chroot but before dropping root privileges. On glibc-based systems, this c...
CVE-2026-35368 uutils coreutils chroot Local Privilege Escalation and chroot Escape in via Name Service Switch (NSS) Injection
A vulnerability exists in the chroot utility of uutils coreutils when using the --userspec option. The utility resolves the user specification via getpwnam after entering the chroot but before dropping root privileges. On glibc-based systems, this can trigger the Name Service Switch NSS to load...
uutils coreutils 代码问题漏洞
uutils coreutils is a cross-platform core command-line toolset developed by Uutils Open Source. There is a code vulnerability in uutils coreutils. This vulnerability arises from the use of the --userspec option during chroot operations. After entering chroot, the user specification is resolved,...
Linux Distros Unpatched Vulnerability : CVE-2026-35368
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability exists in the chroot utility of uutils coreutils when using the --userspec option. The utility resolves the user specification via getpwnam afte...
PT-2026-34504
Name of the Vulnerable Software and Affected Versions uutils coreutils affected versions not specified Description A flaw in the chroot utility occurs when the --userspec option is used. The utility calls the getPwnam function to resolve user specifications after entering the chroot environment b...
SUSE CVE-2016-2781
chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer...
chroot in GNU coreutils when used with --userspec allows local users to escape to the parent session via a crafted TIOCSTI ioctl call which pushes characters to the terminal's input buffer.
...
CVE-2016-2781
chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer...
DEBIAN-CVE-2016-2781
chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer...
AZL-34628 CVE-2016-2781 affecting package coreutils for versions less than 9.4-1
chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer...
AZL-6355 CVE-2016-2781 affecting package coreutils for versions less than 8.32-1
chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer...
UBUNTU-CVE-2016-2781
chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer...