1184 matches found
CVE-2002-0638
setpwnam.c in the util-linux package, as included in Red Hat Linux 7.3 and earlier, and other operating systems, does not properly lock a temporary file when modifying /etc/passwd, which may allow local users to gain privileges via a complex race condition that uses an open file descriptor in...
Privelege escalation in util-linux chfn
Unchecked race conditions under file decriptors leaves ability to modify /etc/passwd...
RAZOR advisory: Linux util-linux chfn local root vulnerability
Linux util-linux chfn local root vulnerability Issue Date: July 29, 2002 Contact: Michal Zalewski CVE: CAN-2002-0638 CERT vulnerability note: http://www.kb.cert.org/vuls/id/405955 the URL should be accessible soon Topic: A locally exploitable vulnerability is present in the util-linux package...
Moderate: Red Hat Security Advisory: util-linux security update
The util-linux package shipped with Red Hat Linux Advanced Server contains a locally exploitable vulnerability. The util-linux package contains a large variety of low-level system utilities that are necessary for a Linux system to function. The 'chfn' utility included in this package allows users...
Moderate: Red Hat Security Advisory: : : : Updated util-linux package fixes password locking race
A locally exploitable vulnerability is present in the util-linux package which shipped with Red Hat Linux. Updated 8 July 2003 Added packages for Red Hat Linux on IBM iSeries and pSeries systems. The util-linux package contains a large variety of low-level system utilities that are necessary for ...
util-linux package vulnerable to privilege escalation when "ptmptmp" file is not removed properly when using "chfn" utility
Overview The util-linux package contains a race condition vulnerability that can be used to elevate privileges on the system. Description util-linux is shipped with Red Hat Linux and numerous other Linux distributions. It contains a collection of utility programs, such as fstab, mkfs, and chfn. T...
CVE-2001-1147
CVE-2001-1147 affects util-linux’s /bin/login PAM handling prior to version 2.11, where a static pwent buffer could be rewritten across PAM calls. In non-default configurations (notably with pam_limits), this could leak one user’s credentials to another. The advisories (Mandrake, Red Hat) documen...
CVE-2001-1175
CVE-2001-1175 : In vipw from the util-linux package, before version 2.10, editing /etc/shadow could leave the file world-readable in some cases, enabling local users to more easily perform brute-force password guessing. Supported details in connected docs show Red Hat advisories (RHSA-2001:95, 13...
CVE-2001-1147
The PAM implementation in /bin/login of the util-linux package before 2.11 causes a password entry to be rewritten across multiple PAM calls, which could provide the credentials of one user to a different user, when used in certain PAM modules such as pamlimits...
CVE-2001-1175
vipw in the util-linux package before 2.10 causes /etc/shadow to be world-readable in some cases, which would make it easier for local users to perform brute force password guessing...
CVE-2001-1175
vipw in the util-linux package before 2.10 causes /etc/shadow to be world-readable in some cases, which would make it easier for local users to perform brute force password guessing...
DEBIAN-CVE-2001-1494
script command in the util-linux package before 2.11n allows local users to overwrite arbitrary files by setting a hardlink from the typescript log file to any file on the system, then having root execute the script command...
CVE-2001-1494
script command in the util-linux package before 2.11n allows local users to overwrite arbitrary files by setting a hardlink from the typescript log file to any file on the system, then having root execute the script command...
CVE-2001-1494
script command in the util-linux package before 2.11n allows local users to overwrite arbitrary files by setting a hardlink from the typescript log file to any file on the system, then having root execute the script command...
PT-2001-1015 · Util Linux +1 · Util-Linux +1
Name of the Vulnerable Software and Affected Versions: util-linux versions prior to 2.11n Red Hat Enterprise Linux affected versions not specified Description: The issue allows local users to overwrite arbitrary files by setting a hardlink from the typescript log file to any file on the system,...
script.command.txt
------------------------------------------------------------- Title: Silly hardlink vulnerability in UNIX 'script' command Linux version maintainer: Andries Brouwer [email protected] Bug found by: Marco van Berkum [email protected] Date: 17-12-2001 Priority: low...
Important: Red Hat Security Advisory: : New util-linux packages available to fix /bin/login pam problem
New util-linux packages are available that fix a problem with /bin/login's PAM implementation. This could, in some non-default setups, cause users to receive credentials of other users. It is recommended that all users update to the fixed packages. 2001-10-22: Packages are now available for Red H...
CVE-2001-1147
The PAM implementation in /bin/login of the util-linux package before 2.11 causes a password entry to be rewritten across multiple PAM calls, which could provide the credentials of one user to a different user, when used in certain PAM modules such as pamlimits...
[RHSA-2001:095-04] New util-linux packages available to fix vipw permissions problems
--------------------------------------------------------------------- Red Hat, Inc. Red Hat Security Advisory Synopsis: New util-linux packages available to fix vipw permissions problems Advisory ID: RHSA-2001:095-04 Issue date: 2001-07-12 Updated on: 2001-07-16 Product: Red Hat Linux Keywords:...
Moderate: Red Hat Security Advisory: : New util-linux packages available to fix vipw permissions problems
New util-linux packages are available for Red Hat Linux 7.1. These packages fix a problem where vipw would leave the /etc/shadow file world-readable after editing it. It is recommended that all users update to the fixed packages. Also, if you have used vipw on Red Hat Linux 7.1 before, make sure ...