Lucene search
K

1184 matches found

NVD
NVD
added 2002/08/12 4:0 a.m.19 views

CVE-2002-0638

setpwnam.c in the util-linux package, as included in Red Hat Linux 7.3 and earlier, and other operating systems, does not properly lock a temporary file when modifying /etc/passwd, which may allow local users to gain privileges via a complex race condition that uses an open file descriptor in...

6.2CVSS6.4AI score0.00529EPSS
Exploits0References13
securityvulns
securityvulns
added 2002/07/31 12:0 a.m.38 views

Privelege escalation in util-linux chfn

Unchecked race conditions under file decriptors leaves ability to modify /etc/passwd...

3.6AI score
Exploits0References1Affected Software1
securityvulns
securityvulns
added 2002/07/31 12:0 a.m.68 views

RAZOR advisory: Linux util-linux chfn local root vulnerability

Linux util-linux chfn local root vulnerability Issue Date: July 29, 2002 Contact: Michal Zalewski CVE: CAN-2002-0638 CERT vulnerability note: http://www.kb.cert.org/vuls/id/405955 the URL should be accessible soon Topic: A locally exploitable vulnerability is present in the util-linux package...

6.2CVSS6.8AI score0.00529EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2002/07/29 3:51 p.m.9 views

Moderate: Red Hat Security Advisory: util-linux security update

The util-linux package shipped with Red Hat Linux Advanced Server contains a locally exploitable vulnerability. The util-linux package contains a large variety of low-level system utilities that are necessary for a Linux system to function. The 'chfn' utility included in this package allows users...

6.2CVSS5.7AI score0.00529EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2002/07/29 3:0 p.m.9 views

Moderate: Red Hat Security Advisory: : : : Updated util-linux package fixes password locking race

A locally exploitable vulnerability is present in the util-linux package which shipped with Red Hat Linux. Updated 8 July 2003 Added packages for Red Hat Linux on IBM iSeries and pSeries systems. The util-linux package contains a large variety of low-level system utilities that are necessary for ...

6.2CVSS5.8AI score0.00529EPSS
Exploits0References2
CERT
CERT
added 2002/07/29 12:0 a.m.34 views

util-linux package vulnerable to privilege escalation when "ptmptmp" file is not removed properly when using "chfn" utility

Overview The util-linux package contains a race condition vulnerability that can be used to elevate privileges on the system. Description util-linux is shipped with Red Hat Linux and numerous other Linux distributions. It contains a collection of utility programs, such as fstab, mkfs, and chfn. T...

6.2CVSS5.8AI score0.00529EPSS
Exploits0References1
CVE
CVE
added 2002/06/25 4:0 a.m.56 views

CVE-2001-1147

CVE-2001-1147 affects util-linux’s /bin/login PAM handling prior to version 2.11, where a static pwent buffer could be rewritten across PAM calls. In non-default configurations (notably with pam_limits), this could leak one user’s credentials to another. The advisories (Mandrake, Red Hat) documen...

7.2CVSS6.6AI score0.00434EPSS
Exploits0References7Affected Software1
CVE
CVE
added 2002/06/25 4:0 a.m.50 views

CVE-2001-1175

CVE-2001-1175 : In vipw from the util-linux package, before version 2.10, editing /etc/shadow could leave the file world-readable in some cases, enabling local users to more easily perform brute-force password guessing. Supported details in connected docs show Red Hat advisories (RHSA-2001:95, 13...

7.2CVSS6.9AI score0.00425EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2002/06/25 4:0 a.m.20 views

CVE-2001-1147

The PAM implementation in /bin/login of the util-linux package before 2.11 causes a password entry to be rewritten across multiple PAM calls, which could provide the credentials of one user to a different user, when used in certain PAM modules such as pamlimits...

6.6AI score0.00434EPSS
Exploits0References7
Cvelist
Cvelist
added 2002/06/25 4:0 a.m.22 views

CVE-2001-1175

vipw in the util-linux package before 2.10 causes /etc/shadow to be world-readable in some cases, which would make it easier for local users to perform brute force password guessing...

6.5AI score0.00425EPSS
Exploits0References4
NVD
NVD
added 2002/04/01 5:0 a.m.19 views

CVE-2001-1175

vipw in the util-linux package before 2.10 causes /etc/shadow to be world-readable in some cases, which would make it easier for local users to perform brute force password guessing...

7.2CVSS6.5AI score0.00425EPSS
Exploits0References4
OSV
OSV
added 2001/12/31 5:0 a.m.4 views

DEBIAN-CVE-2001-1494

script command in the util-linux package before 2.11n allows local users to overwrite arbitrary files by setting a hardlink from the typescript log file to any file on the system, then having root execute the script command...

5.5CVSS7AI score0.00433EPSS
Exploits0References1
NVD
NVD
added 2001/12/31 5:0 a.m.18 views

CVE-2001-1494

script command in the util-linux package before 2.11n allows local users to overwrite arbitrary files by setting a hardlink from the typescript log file to any file on the system, then having root execute the script command...

5.5CVSS5.6AI score0.00433EPSS
Exploits0References9
OSV
OSV
added 2001/12/31 5:0 a.m.3 views

CVE-2001-1494

script command in the util-linux package before 2.11n allows local users to overwrite arbitrary files by setting a hardlink from the typescript log file to any file on the system, then having root execute the script command...

5.5CVSS7AI score
Exploits0References13
Positive Technologies
Positive Technologies
added 2001/12/31 12:0 a.m.6 views

PT-2001-1015 · Util Linux +1 · Util-Linux +1

Name of the Vulnerable Software and Affected Versions: util-linux versions prior to 2.11n Red Hat Enterprise Linux affected versions not specified Description: The issue allows local users to overwrite arbitrary files by setting a hardlink from the typescript log file to any file on the system,...

7.2CVSS5.4AI score0.00433EPSS
Exploits0References19
Packet Storm
Packet Storm
added 2001/12/18 12:0 a.m.27 views

script.command.txt

------------------------------------------------------------- Title: Silly hardlink vulnerability in UNIX 'script' command Linux version maintainer: Andries Brouwer [email protected] Bug found by: Marco van Berkum [email protected] Date: 17-12-2001 Priority: low...

7.4AI score
Exploits0
RedHat Linux
RedHat Linux
added 2001/10/16 7:15 p.m.5 views

Important: Red Hat Security Advisory: : New util-linux packages available to fix /bin/login pam problem

New util-linux packages are available that fix a problem with /bin/login's PAM implementation. This could, in some non-default setups, cause users to receive credentials of other users. It is recommended that all users update to the fixed packages. 2001-10-22: Packages are now available for Red H...

7.2CVSS5.9AI score0.00434EPSS
Exploits0References1
NVD
NVD
added 2001/10/08 4:0 a.m.11 views

CVE-2001-1147

The PAM implementation in /bin/login of the util-linux package before 2.11 causes a password entry to be rewritten across multiple PAM calls, which could provide the credentials of one user to a different user, when used in certain PAM modules such as pamlimits...

7.2CVSS6.6AI score0.00434EPSS
Exploits0References7
securityvulns
securityvulns
added 2001/07/17 12:0 a.m.59 views

[RHSA-2001:095-04] New util-linux packages available to fix vipw permissions problems

--------------------------------------------------------------------- Red Hat, Inc. Red Hat Security Advisory Synopsis: New util-linux packages available to fix vipw permissions problems Advisory ID: RHSA-2001:095-04 Issue date: 2001-07-12 Updated on: 2001-07-16 Product: Red Hat Linux Keywords:...

7AI score
Exploits0
RedHat Linux
RedHat Linux
added 2001/07/16 4:51 p.m.5 views

Moderate: Red Hat Security Advisory: : New util-linux packages available to fix vipw permissions problems

New util-linux packages are available for Red Hat Linux 7.1. These packages fix a problem where vipw would leave the /etc/shadow file world-readable after editing it. It is recommended that all users update to the fixed packages. Also, if you have used vipw on Red Hat Linux 7.1 before, make sure ...

7.2CVSS5.7AI score0.00425EPSS
Exploits0References1
Rows per page
Query Builder