Lucene search
+L

17 matches found

redhatcve
redhatcve
added 2026/04/29 10:8 a.m.8 views

CVE-2026-35368

A flaw was found in uutils coreutils. The chroot utility, when used with the --userspec option, resolves user specifications after entering a restricted environment chroot but before relinquishing root privileges. This can cause the Name Service Switch NSS, a system for resolving system...

7.8CVSS6AI score0.00136EPSS
Exploits1References2
euvd
euvd
added 2026/04/22 6:31 p.m.6 views

EUVD-2026-25016

A vulnerability exists in the chroot utility of uutils coreutils when using the --userspec option. The utility resolves the user specification via getpwnam after entering the chroot but before dropping root privileges. On glibc-based systems, this can trigger the Name Service Switch NSS to load...

7.8CVSS6.1AI score0.00136EPSS
Exploits1References2
osv
osv
added 2026/04/22 6:31 p.m.6 views

GHSA-MH5C-XRMH-M794 uutils coreutils has an Untrusted Search Path

A vulnerability exists in the chroot utility of uutils coreutils when using the --userspec option. The utility resolves the user specification via getpwnam after entering the chroot but before dropping root privileges. On glibc-based systems, this can trigger the Name Service Switch NSS to load...

7.8CVSS6.2AI score0.00136EPSS
Exploits1References3
nvd
nvd
added 2026/04/22 5:16 p.m.9 views

CVE-2026-35368

A vulnerability exists in the chroot utility of uutils coreutils when using the --userspec option. The utility resolves the user specification via getpwnam after entering the chroot but before dropping root privileges. On glibc-based systems, this can trigger the Name Service Switch NSS to load...

7.8CVSS0.00136EPSS
Exploits1References1
attackerkb
attackerkb
added 2026/04/22 4:8 p.m.8 views

CVE-2026-35368

A vulnerability exists in the chroot utility of uutils coreutils when using the --userspec option. The utility resolves the user specification via getpwnam after entering the chroot but before dropping root privileges. On glibc-based systems, this can trigger the Name Service Switch NSS to load...

7.8CVSS6.1AI score0.00136EPSS
Exploits1References2
cve
cve
added 2026/04/22 4:8 p.m.21 views

CVE-2026-35368

CVE-2026-35368 describes a local privilege-escalation in the chroot utility of the uutils coreutils when using the --userspec option. The issue arises because the utility resolves the user via getpwnam() after entering the chroot but before dropping root privileges. On glibc-based systems, this c...

7.8CVSS6.1AI score0.00136EPSS
Exploits1References1Affected Software1
cvelist
cvelist
added 2026/04/22 4:8 p.m.38 views

CVE-2026-35368 uutils coreutils chroot Local Privilege Escalation and chroot Escape in via Name Service Switch (NSS) Injection

A vulnerability exists in the chroot utility of uutils coreutils when using the --userspec option. The utility resolves the user specification via getpwnam after entering the chroot but before dropping root privileges. On glibc-based systems, this can trigger the Name Service Switch NSS to load...

7.8CVSS0.00136EPSS
Exploits1References1
ptsecurity
ptsecurity
added 2026/04/22 12:0 a.m.9 views

PT-2026-34504

Name of the Vulnerable Software and Affected Versions uutils coreutils affected versions not specified Description A flaw in the chroot utility occurs when the --userspec option is used. The utility calls the getPwnam function to resolve user specifications after entering the chroot environment b...

7.8CVSS6.2AI score0.00136EPSS
Exploits1References4
cnnvd
cnnvd
added 2026/04/22 12:0 a.m.10 views

uutils coreutils 代码问题漏洞

uutils coreutils is a cross-platform core command-line toolset developed by Uutils Open Source. There is a code vulnerability in uutils coreutils. This vulnerability arises from the use of the --userspec option during chroot operations. After entering chroot, the user specification is resolved,...

7.8CVSS6.2AI score0.00136EPSS
Exploits1References1
nessus
nessus
added 2026/04/22 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-35368

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability exists in the chroot utility of uutils coreutils when using the --userspec option. The utility resolves the user specification via getpwnam afte...

7.8CVSS6.2AI score0.00136EPSS
Exploits1References3
susecve
susecve
added 2023/02/15 5:5 a.m.5 views

SUSE CVE-2016-2781

chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer...

6.5CVSS7.8AI score0.00425EPSS
Exploits0References4
mscve
mscve
added 2020/09/25 7:0 a.m.4 views

chroot in GNU coreutils when used with --userspec allows local users to escape to the parent session via a crafted TIOCSTI ioctl call which pushes characters to the terminal's input buffer.

...

6.5CVSS6.8AI score0.00425EPSS
Exploits0
osv
osv
added 2017/02/07 3:59 p.m.10 views

UBUNTU-CVE-2016-2781

chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer...

6.5CVSS6.8AI score0.00425EPSS
Exploits0References5
osv
osv
added 2017/02/07 3:59 p.m.9 views

AZL-6355 CVE-2016-2781 affecting package coreutils for versions less than 8.32-1

chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer...

6.5CVSS6.8AI score0.00425EPSS
Exploits0References1
nvd
nvd
added 2017/02/07 3:59 p.m.21 views

CVE-2016-2781

chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer...

6.5CVSS6.3AI score0.00425EPSS
Exploits0References3
osv
osv
added 2017/02/07 3:59 p.m.7 views

AZL-34628 CVE-2016-2781 affecting package coreutils for versions less than 9.4-1

chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer...

6.5CVSS6.8AI score0.00425EPSS
Exploits0References1
osv
osv
added 2017/02/07 3:59 p.m.5 views

DEBIAN-CVE-2016-2781

chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer...

6.5CVSS6.2AI score0.00425EPSS
Exploits0References1
Rows per page
Query Builder