CVE-2001-1494

script command in the util-linux package before 2.11n allows local users to overwrite arbitrary files by setting a hardlink from the typescript log file to any file on the system, then having root execute the script command...

CVE-2004-0080

The CVE-2004-0080 issue affects util-linux login (v2.11 and earlier) where a pointer after free is used, enabling potential leakage of sensitive data. Public references in the connected documents confirm an information-leak vulnerability in login and identify affected package families (util-linux...

CVE-2003-0094

CVE-2003-0094 affects Mandrake Linux 8.2/9.0 util-linux mcookie. The patch changed the entropy source from /dev/random to /dev/urandom, making mcookie output more predictable and potentially aiding certain attacks. The Nessus advisory notes the patch was removed in these updates, restoring a bett...

Mandrake Linux Security Advisory : util-linux (MDKSA-2001:084)

Tarhon-Onu Victor found a problem in /bin/login's PAM implementation. It stored the value of a static pwent buffer across PAM calls, and when used with some PAM modules in non-default configurations ie. using pamlimits, it would overwrite the buffer and cause the user to get the credentials of...

Util-linux login may leak sensitive data

Background Util-linux is a suite of essential system utilites, including login, agetty, fdisk. Description In some situations the login program could leak sensitive data due to an incorrect usage of a reallocated pointer. NOTE: Only users who have PAM support disabled on their systems i.e. -PAM i...

CVE-2004-0080

The login program in util-linux 2.11 and earlier uses a pointer after it has been freed and reallocated, which could cause login to leak sensitive data...

CVE-2002-0638

CVE-2002-0638 concerns the util-linux package’s login utilities (notably setpwnam.c used by chfn/chsh). The advisory describes a race condition caused by inadequate locking of a temporary file used when modifying /etc/passwd, enabling a local attacker to escalate privileges. The issue affects Red...

CVE-2003-0094

A patch for mcookie in the util-linux package for Mandrake Linux 8.2 and 9.0 uses /dev/urandom instead of /dev/random, which causes mcookie to use an entropy source that is more predictable than expected, which may make it easier for certain types of attacks to succeed...

CVE-2002-0638

setpwnam.c in the util-linux package, as included in Red Hat Linux 7.3 and earlier, and other operating systems, does not properly lock a temporary file when modifying /etc/passwd, which may allow local users to gain privileges via a complex race condition that uses an open file descriptor in...

Privelege escalation in util-linux chfn

Unchecked race conditions under file decriptors leaves ability to modify /etc/passwd...

PT-2001-1015 · Util Linux +1 · Util-Linux +1

Name of the Vulnerable Software and Affected Versions: util-linux versions prior to 2.11n Red Hat Enterprise Linux affected versions not specified Description: The issue allows local users to overwrite arbitrary files by setting a hardlink from the typescript log file to any file on the system,...

[RHSA-2001:095-04] New util-linux packages available to fix vipw permissions problems

--------------------------------------------------------------------- Red Hat, Inc. Red Hat Security Advisory Synopsis: New util-linux packages available to fix vipw permissions problems Advisory ID: RHSA-2001:095-04 Issue date: 2001-07-12 Updated on: 2001-07-16 Product: Red Hat Linux Keywords:...

format bug in agetty ??

util-linux-2.10h/login-utils agetty.c:244 ifdef DEBUGGING define debugs fprintfdbf,s; fflushdbf FILE dbf; else define debugs / nothing / endif agetty.c:281 ifdef DEBUGGING dbf = fopen"/dev/ttyp0", "w"; int i; fori = 1; i argc; i++ debugargvi; endif w/ -DDEBUGGING is bogus. -- Carlos E Gorges...

CVE-1999-0661

CVE-1999-0661 involves multiple widely-used packages (TCP Wrappers 7.6, util-linux 2.9g, wuftpd 2.2 and 2.1f, ircII 2.2.9, OpenSSH 3.4p1, Sendmail 8.12.6) that were replaced at distribution points by a Trojan Horse. The Red Hat advisory and other records corroborate the same core issue: compromis...

CVE-1999-0661

A system is running a version of software that was replaced with a Trojan Horse at one of its distribution points, such as 1 TCP Wrappers 7.6, 2 util-linux 2.9g, 3 wuarchive ftpd wuftpd 2.2 and 2.1f, 4 IRC client ircII ircII 2.2.9, 5 OpenSSH 3.4p1, or 6 Sendmail 8.12.6...