Vulnerabilities related to andries_brouwer - util-linux
cve-2006-7108
Vulnerability from cvelistv5
Published
2007-03-04 22:00
Modified
2024-08-07 20:50
Severity ?
Summary
login in util-linux-2.12a skips pam_acct_mgmt and chauth_tok when authentication is skipped, such as when a Kerberos krlogin session has been established, which might allow users to bypass intended access policies that would be enforced by pam_acct_mgmt and chauth_tok.
References
http://secunia.com/advisories/25098 (third-party-advisory, x_refsource_SECUNIA)
https://issues.rpath.com/browse/RPL-1359 (x_refsource_CONFIRM)
http://secunia.com/advisories/25935 (third-party-advisory, x_refsource_SECUNIA)
http://www.securityfocus.com/bid/24321 (vdb-entry, x_refsource_BID)
http://www.redhat.com/support/errata/RHSA-2007-0235.html (vendor-advisory, x_refsource_REDHAT)
http://www.mandriva.com/security/advisories?name=MDKSA-2007:111 (vendor-advisory, x_refsource_MANDRIVA)
http://secunia.com/advisories/25692 (third-party-advisory, x_refsource_SECUNIA)
http://secunia.com/advisories/25530 (third-party-advisory, x_refsource_SECUNIA)
http://support.avaya.com/elmodocs2/security/ASA-2007-252.htm (x_refsource_CONFIRM)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9689 (vdb-entry, signature, x_refsource_OVAL)
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=177331 (x_refsource_CONFIRM)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T20:50:06.039Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "25098",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/25098"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://issues.rpath.com/browse/RPL-1359"
          },
          {
            "name": "25935",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/25935"
          },
          {
            "name": "24321",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/24321"
          },
          {
            "name": "RHSA-2007:0235",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2007-0235.html"
          },
          {
            "name": "MDKSA-2007:111",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:111"
          },
          {
            "name": "25692",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/25692"
          },
          {
            "name": "25530",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/25530"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-252.htm"
          },
          {
            "name": "oval:org.mitre.oval:def:9689",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9689"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=177331"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-08-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "login in util-linux-2.12a skips pam_acct_mgmt and chauth_tok when authentication is skipped, such as when a Kerberos krlogin session has been established, which might allow users to bypass intended access policies that would be enforced by pam_acct_mgmt and chauth_tok."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-10-10T00:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "25098",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/25098"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://issues.rpath.com/browse/RPL-1359"
        },
        {
          "name": "25935",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/25935"
        },
        {
          "name": "24321",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/24321"
        },
        {
          "name": "RHSA-2007:0235",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2007-0235.html"
        },
        {
          "name": "MDKSA-2007:111",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:111"
        },
        {
          "name": "25692",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/25692"
        },
        {
          "name": "25530",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/25530"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-252.htm"
        },
        {
          "name": "oval:org.mitre.oval:def:9689",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9689"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=177331"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-7108",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "login in util-linux-2.12a skips pam_acct_mgmt and chauth_tok when authentication is skipped, such as when a Kerberos krlogin session has been established, which might allow users to bypass intended access policies that would be enforced by pam_acct_mgmt and chauth_tok."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "25098",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/25098"
            },
            {
              "name": "https://issues.rpath.com/browse/RPL-1359",
              "refsource": "CONFIRM",
              "url": "https://issues.rpath.com/browse/RPL-1359"
            },
            {
              "name": "25935",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/25935"
            },
            {
              "name": "24321",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/24321"
            },
            {
              "name": "RHSA-2007:0235",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2007-0235.html"
            },
            {
              "name": "MDKSA-2007:111",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:111"
            },
            {
              "name": "25692",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/25692"
            },
            {
              "name": "25530",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/25530"
            },
            {
              "name": "http://support.avaya.com/elmodocs2/security/ASA-2007-252.htm",
              "refsource": "CONFIRM",
              "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-252.htm"
            },
            {
              "name": "oval:org.mitre.oval:def:9689",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9689"
            },
            {
              "name": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=177331",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=177331"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-7108",
    "datePublished": "2007-03-04T22:00:00",
    "dateReserved": "2007-03-04T00:00:00",
    "dateUpdated": "2024-08-07T20:50:06.039Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2004-0080
Vulnerability from cvelistv5
Published
2004-09-01 04:00
Modified
2024-08-08 00:01
Severity ?
Summary
The login program in util-linux 2.11 and earlier uses a pointer after it has been freed and reallocated, which could cause login to leak sensitive data.
References
ftp://patches.sgi.com/support/free/security/advisories/20040201-01-U.asc (vendor-advisory, x_refsource_SGI)
http://security.gentoo.org/glsa/glsa-200404-06.xml (vendor-advisory, x_refsource_GENTOO)
ftp://patches.sgi.com/support/free/security/advisories/20040406-01-U (vendor-advisory, x_refsource_SGI)
http://www.redhat.com/support/errata/RHSA-2004-056.html (vendor-advisory, x_refsource_REDHAT)
http://www.kb.cert.org/vuls/id/801526 (third-party-advisory, x_refsource_CERT-VN)
http://marc.info/?l=bugtraq&m=108077689801698&w=2 (mailing-list, x_refsource_BUGTRAQ)
http://marc.info/?l=bugtraq&m=108144719532385&w=2 (mailing-list, x_refsource_BUGTRAQ)
https://exchange.xforce.ibmcloud.com/vulnerabilities/15016 (vdb-entry, x_refsource_XF)
http://www.osvdb.org/3796 (vdb-entry, x_refsource_OSVDB)
http://secunia.com/advisories/10773 (third-party-advisory, x_refsource_SECUNIA)
http://www.securityfocus.com/bid/9558 (vdb-entry, x_refsource_BID)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T00:01:23.687Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20040201-01-U",
            "tags": [
              "vendor-advisory",
              "x_refsource_SGI",
              "x_transferred"
            ],
            "url": "ftp://patches.sgi.com/support/free/security/advisories/20040201-01-U.asc"
          },
          {
            "name": "GLSA-200404-06",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200404-06.xml"
          },
          {
            "name": "20040406-01-U",
            "tags": [
              "vendor-advisory",
              "x_refsource_SGI",
              "x_transferred"
            ],
            "url": "ftp://patches.sgi.com/support/free/security/advisories/20040406-01-U"
          },
          {
            "name": "RHSA-2004:056",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2004-056.html"
          },
          {
            "name": "VU#801526",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/801526"
          },
          {
            "name": "20040331 OpenLinux: util-linux could leak sensitive data",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=108077689801698\u0026w=2"
          },
          {
            "name": "20040408 LNSA-#2004-0010: login may leak sensitive data",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=108144719532385\u0026w=2"
          },
          {
            "name": "utillinux-information-leak(15016)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15016"
          },
          {
            "name": "3796",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/3796"
          },
          {
            "name": "10773",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/10773"
          },
          {
            "name": "9558",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/9558"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2004-02-02T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The login program in util-linux 2.11 and earlier uses a pointer after it has been freed and reallocated, which could cause login to leak sensitive data."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2007-11-13T00:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20040201-01-U",
          "tags": [
            "vendor-advisory",
            "x_refsource_SGI"
          ],
          "url": "ftp://patches.sgi.com/support/free/security/advisories/20040201-01-U.asc"
        },
        {
          "name": "GLSA-200404-06",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200404-06.xml"
        },
        {
          "name": "20040406-01-U",
          "tags": [
            "vendor-advisory",
            "x_refsource_SGI"
          ],
          "url": "ftp://patches.sgi.com/support/free/security/advisories/20040406-01-U"
        },
        {
          "name": "RHSA-2004:056",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2004-056.html"
        },
        {
          "name": "VU#801526",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/801526"
        },
        {
          "name": "20040331 OpenLinux: util-linux could leak sensitive data",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=108077689801698\u0026w=2"
        },
        {
          "name": "20040408 LNSA-#2004-0010: login may leak sensitive data",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=108144719532385\u0026w=2"
        },
        {
          "name": "utillinux-information-leak(15016)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15016"
        },
        {
          "name": "3796",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/3796"
        },
        {
          "name": "10773",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/10773"
        },
        {
          "name": "9558",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/9558"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2004-0080",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The login program in util-linux 2.11 and earlier uses a pointer after it has been freed and reallocated, which could cause login to leak sensitive data."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20040201-01-U",
              "refsource": "SGI",
              "url": "ftp://patches.sgi.com/support/free/security/advisories/20040201-01-U.asc"
            },
            {
              "name": "GLSA-200404-06",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200404-06.xml"
            },
            {
              "name": "20040406-01-U",
              "refsource": "SGI",
              "url": "ftp://patches.sgi.com/support/free/security/advisories/20040406-01-U"
            },
            {
              "name": "RHSA-2004:056",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2004-056.html"
            },
            {
              "name": "VU#801526",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/801526"
            },
            {
              "name": "20040331 OpenLinux: util-linux could leak sensitive data",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=108077689801698\u0026w=2"
            },
            {
              "name": "20040408 LNSA-#2004-0010: login may leak sensitive data",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=108144719532385\u0026w=2"
            },
            {
              "name": "utillinux-information-leak(15016)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15016"
            },
            {
              "name": "3796",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/3796"
            },
            {
              "name": "10773",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/10773"
            },
            {
              "name": "9558",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/9558"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2004-0080",
    "datePublished": "2004-09-01T04:00:00",
    "dateReserved": "2004-01-19T00:00:00",
    "dateUpdated": "2024-08-08T00:01:23.687Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2001-1175
Vulnerability from cvelistv5
Published
2002-06-25 04:00
Modified
2024-08-08 04:44
Severity ?
Summary
vipw in the util-linux package before 2.10 causes /etc/shadow to be world-readable in some cases, which would make it easier for local users to perform brute force password guessing.
References
https://exchange.xforce.ibmcloud.com/vulnerabilities/6851 (vdb-entry, x_refsource_XF)
http://www.securityfocus.com/bid/3036 (vdb-entry, x_refsource_BID)
http://www.redhat.com/support/errata/RHSA-2001-132.html (vendor-advisory, x_refsource_REDHAT)
http://www.redhat.com/support/errata/RHSA-2001-095.html (vendor-advisory, x_refsource_REDHAT)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T04:44:08.282Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "vipw-world-readable-files(6851)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6851"
          },
          {
            "name": "3036",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/3036"
          },
          {
            "name": "RHSA-2001:132",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2001-132.html"
          },
          {
            "name": "RHSA-2001:095",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2001-095.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2001-07-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "vipw in the util-linux package before 2.10 causes /etc/shadow to be world-readable in some cases, which would make it easier for local users to perform brute force password guessing."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2002-03-22T10:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "vipw-world-readable-files(6851)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6851"
        },
        {
          "name": "3036",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/3036"
        },
        {
          "name": "RHSA-2001:132",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2001-132.html"
        },
        {
          "name": "RHSA-2001:095",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2001-095.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2001-1175",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "vipw in the util-linux package before 2.10 causes /etc/shadow to be world-readable in some cases, which would make it easier for local users to perform brute force password guessing."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "vipw-world-readable-files(6851)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6851"
            },
            {
              "name": "3036",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/3036"
            },
            {
              "name": "RHSA-2001:132",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2001-132.html"
            },
            {
              "name": "RHSA-2001:095",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2001-095.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2001-1175",
    "datePublished": "2002-06-25T04:00:00",
    "dateReserved": "2002-03-15T00:00:00",
    "dateUpdated": "2024-08-08T04:44:08.282Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2005-2876
Vulnerability from cvelistv5
Published
2005-09-13 04:00
Modified
2024-08-07 22:53
Severity ?
Summary
umount in util-linux 2.8 to 2.12q, 2.13-pre1, and 2.13-pre2, and other packages such as loop-aes-utils, allows local users with unmount permissions to gain privileges via the -r (remount) option, which causes the file system to be remounted with just the read-only flag, which effectively clears the nosuid, nodev, and other flags.
References
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101960-1 (vendor-advisory, x_refsource_SUNALERT)
http://secunia.com/advisories/17133 (third-party-advisory, x_refsource_SECUNIA)
http://www.securityfocus.com/archive/1/419774/100/0/threaded (vendor-advisory, x_refsource_FEDORA)
https://exchange.xforce.ibmcloud.com/vulnerabilities/22241 (vdb-entry, x_refsource_XF)
http://www.osvdb.org/19369 (vdb-entry, x_refsource_OSVDB)
http://www.debian.org/security/2005/dsa-823 (vendor-advisory, x_refsource_DEBIAN)
http://www.novell.com/linux/security/advisories/2005_21_sr.html (vendor-advisory, x_refsource_SUSE)
http://secunia.com/advisories/16785 (third-party-advisory, x_refsource_SECUNIA)
http://marc.info/?l=bugtraq&m=112690609622266&w=2 (vendor-advisory, x_refsource_TRUSTIX)
http://secunia.com/advisories/16988 (third-party-advisory, x_refsource_SECUNIA)
http://www.debian.org/security/2005/dsa-825 (vendor-advisory, x_refsource_DEBIAN)
http://secunia.com/advisories/17154 (third-party-advisory, x_refsource_SECUNIA)
http://www.ubuntu.com/usn/usn-184-1 (vendor-advisory, x_refsource_UBUNTU)
http://support.avaya.com/elmodocs2/security/ASA-2006-014.htm (x_refsource_MISC)
http://secunia.com/advisories/18502 (third-party-advisory, x_refsource_SECUNIA)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10921 (vdb-entry, signature, x_refsource_OVAL)
http://secunia.com/advisories/17027 (third-party-advisory, x_refsource_SECUNIA)
http://marc.info/?l=bugtraq&m=112656096125857&w=2 (mailing-list, x_refsource_BUGTRAQ)
http://secunia.com/advisories/17004 (third-party-advisory, x_refsource_SECUNIA)
http://www.securityfocus.com/bid/14816 (vdb-entry, x_refsource_BID)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T22:53:28.946Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "101960",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101960-1"
          },
          {
            "name": "17133",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/17133"
          },
          {
            "name": "FLSA:168326",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/419774/100/0/threaded"
          },
          {
            "name": "utillinux-umount-gain-privileges(22241)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22241"
          },
          {
            "name": "19369",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/19369"
          },
          {
            "name": "DSA-823",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2005/dsa-823"
          },
          {
            "name": "SUSE-SR:2005:021",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2005_21_sr.html"
          },
          {
            "name": "16785",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/16785"
          },
          {
            "name": "2005-0049",
            "tags": [
              "vendor-advisory",
              "x_refsource_TRUSTIX",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=112690609622266\u0026w=2"
          },
          {
            "name": "16988",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/16988"
          },
          {
            "name": "DSA-825",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2005/dsa-825"
          },
          {
            "name": "17154",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/17154"
          },
          {
            "name": "USN-184",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/usn-184-1"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-014.htm"
          },
          {
            "name": "18502",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/18502"
          },
          {
            "name": "oval:org.mitre.oval:def:10921",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10921"
          },
          {
            "name": "17027",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/17027"
          },
          {
            "name": "20050912 util-linux: unintentional grant of privileges by umount",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=112656096125857\u0026w=2"
          },
          {
            "name": "17004",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/17004"
          },
          {
            "name": "14816",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/14816"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2005-09-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "umount in util-linux 2.8 to 2.12q, 2.13-pre1, and 2.13-pre2, and other packages such as loop-aes-utils, allows local users with unmount permissions to gain privileges via the -r (remount) option, which causes the file system to be remounted with just the read-only flag, which effectively clears the nosuid, nodev, and other flags."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-19T14:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "101960",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101960-1"
        },
        {
          "name": "17133",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/17133"
        },
        {
          "name": "FLSA:168326",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://www.securityfocus.com/archive/1/419774/100/0/threaded"
        },
        {
          "name": "utillinux-umount-gain-privileges(22241)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22241"
        },
        {
          "name": "19369",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/19369"
        },
        {
          "name": "DSA-823",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2005/dsa-823"
        },
        {
          "name": "SUSE-SR:2005:021",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2005_21_sr.html"
        },
        {
          "name": "16785",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/16785"
        },
        {
          "name": "2005-0049",
          "tags": [
            "vendor-advisory",
            "x_refsource_TRUSTIX"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=112690609622266\u0026w=2"
        },
        {
          "name": "16988",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/16988"
        },
        {
          "name": "DSA-825",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2005/dsa-825"
        },
        {
          "name": "17154",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/17154"
        },
        {
          "name": "USN-184",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/usn-184-1"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-014.htm"
        },
        {
          "name": "18502",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/18502"
        },
        {
          "name": "oval:org.mitre.oval:def:10921",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10921"
        },
        {
          "name": "17027",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/17027"
        },
        {
          "name": "20050912 util-linux: unintentional grant of privileges by umount",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=112656096125857\u0026w=2"
        },
        {
          "name": "17004",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/17004"
        },
        {
          "name": "14816",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/14816"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2005-2876",
    "datePublished": "2005-09-13T04:00:00",
    "dateReserved": "2005-09-13T00:00:00",
    "dateUpdated": "2024-08-07T22:53:28.946Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2001-1147
Vulnerability from cvelistv5
Published
2002-06-25 04:00
Modified
2024-08-08 04:44
Severity ?
Summary
The PAM implementation in /bin/login of the util-linux package before 2.11 causes a password entry to be rewritten across multiple PAM calls, which could provide the credentials of one user to a different user, when used in certain PAM modules such as pam_limits.
References
http://www.iss.net/security_center/static/7266.php (vdb-entry, x_refsource_XF)
http://www.ciac.org/ciac/bulletins/m-009.shtml (third-party-advisory, government-resource, x_refsource_CIAC)
http://www.redhat.com/support/errata/RHSA-2001-132.html (vendor-advisory, x_refsource_REDHAT)
http://www.novell.com/linux/security/advisories/2001_034_shadow_txt.html (vendor-advisory, x_refsource_SUSE)
http://www.securityfocus.com/bid/3415 (vdb-entry, x_refsource_BID)
http://www.securityfocus.com/archive/1/219175 (mailing-list, x_refsource_BUGTRAQ)
http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-084.php3 (vendor-advisory, x_refsource_MANDRAKE)
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T04:44:08.106Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "utillinux-pamlimits-gain-privileges(7266)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "http://www.iss.net/security_center/static/7266.php"
          },
          {
            "name": "M-009",
            "tags": [
              "third-party-advisory",
              "government-resource",
              "x_refsource_CIAC",
              "x_transferred"
            ],
            "url": "http://www.ciac.org/ciac/bulletins/m-009.shtml"
          },
          {
            "name": "RHSA-2001:132",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2001-132.html"
          },
          {
            "name": "SuSE-SA:2001:034",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2001_034_shadow_txt.html"
          },
          {
            "name": "3415",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/3415"
          },
          {
            "name": "20011008 pam_limits.so Bug!!",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/219175"
          },
          {
            "name": "MDKSA-2001:084",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRAKE",
              "x_transferred"
            ],
            "url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-084.php3"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2001-10-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The PAM implementation in /bin/login of the util-linux package before 2.11 causes a password entry to be rewritten across multiple PAM calls, which could provide the credentials of one user to a different user, when used in certain PAM modules such as pam_limits."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2002-03-22T10:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "utillinux-pamlimits-gain-privileges(7266)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "http://www.iss.net/security_center/static/7266.php"
        },
        {
          "name": "M-009",
          "tags": [
            "third-party-advisory",
            "government-resource",
            "x_refsource_CIAC"
          ],
          "url": "http://www.ciac.org/ciac/bulletins/m-009.shtml"
        },
        {
          "name": "RHSA-2001:132",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2001-132.html"
        },
        {
          "name": "SuSE-SA:2001:034",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2001_034_shadow_txt.html"
        },
        {
          "name": "3415",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/3415"
        },
        {
          "name": "20011008 pam_limits.so Bug!!",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/219175"
        },
        {
          "name": "MDKSA-2001:084",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRAKE"
          ],
          "url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-084.php3"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2001-1147",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The PAM implementation in /bin/login of the util-linux package before 2.11 causes a password entry to be rewritten across multiple PAM calls, which could provide the credentials of one user to a different user, when used in certain PAM modules such as pam_limits."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "utillinux-pamlimits-gain-privileges(7266)",
              "refsource": "XF",
              "url": "http://www.iss.net/security_center/static/7266.php"
            },
            {
              "name": "M-009",
              "refsource": "CIAC",
              "url": "http://www.ciac.org/ciac/bulletins/m-009.shtml"
            },
            {
              "name": "RHSA-2001:132",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2001-132.html"
            },
            {
              "name": "SuSE-SA:2001:034",
              "refsource": "SUSE",
              "url": "http://www.novell.com/linux/security/advisories/2001_034_shadow_txt.html"
            },
            {
              "name": "3415",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/3415"
            },
            {
              "name": "20011008 pam_limits.so Bug!!",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/219175"
            },
            {
              "name": "MDKSA-2001:084",
              "refsource": "MANDRAKE",
              "url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-084.php3"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2001-1147",
    "datePublished": "2002-06-25T04:00:00",
    "dateReserved": "2002-03-15T00:00:00",
    "dateUpdated": "2024-08-08T04:44:08.106Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2003-0094
Vulnerability from cvelistv5
Published
2004-09-01 04:00
Modified
2024-08-08 01:43
Severity ?
Summary
A patch for mcookie in the util-linux package for Mandrake Linux 8.2 and 9.0 uses /dev/urandom instead of /dev/random, which causes mcookie to use an entropy source that is more predictable than expected, which may make it easier for certain types of attacks to succeed.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T01:43:35.603Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "MDKSA-2003:016",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRAKE",
              "x_transferred"
            ],
            "url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:016"
          },
          {
            "name": "utillinux-mcookie-cookie-predictable(11318)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11318"
          },
          {
            "name": "6855",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/6855"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2003-02-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A patch for mcookie in the util-linux package for Mandrake Linux 8.2 and 9.0 uses /dev/urandom instead of /dev/random, which causes mcookie to use an entropy source that is more predictable than expected, which may make it easier for certain types of attacks to succeed."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2004-08-11T00:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "MDKSA-2003:016",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRAKE"
          ],
          "url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:016"
        },
        {
          "name": "utillinux-mcookie-cookie-predictable(11318)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11318"
        },
        {
          "name": "6855",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/6855"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2003-0094",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A patch for mcookie in the util-linux package for Mandrake Linux 8.2 and 9.0 uses /dev/urandom instead of /dev/random, which causes mcookie to use an entropy source that is more predictable than expected, which may make it easier for certain types of attacks to succeed."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "MDKSA-2003:016",
              "refsource": "MANDRAKE",
              "url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:016"
            },
            {
              "name": "utillinux-mcookie-cookie-predictable(11318)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11318"
            },
            {
              "name": "6855",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/6855"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2003-0094",
    "datePublished": "2004-09-01T04:00:00",
    "dateReserved": "2003-02-14T00:00:00",
    "dateUpdated": "2024-08-08T01:43:35.603Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Vulnerability from fkie_nvd
Published
2003-03-03 05:00
Modified
2024-11-20 23:43
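Severity: MEDIUM (CVSS v2.0 base score 5.0, vector AV:N/AC:L/Au:N/C:P/I:N/A:N, taken from the NVD metrics in the record below; the record carries no CVSS v3 metric)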
Summary
A patch for mcookie in the util-linux package for Mandrake Linux 8.2 and 9.0 uses /dev/urandom instead of /dev/random, which causes mcookie to use an entropy source that is more predictable than expected, which may make it easier for certain types of attacks to succeed.
Impacted products
Vendor Product Version
andries_brouwer util-linux 2.11n
andries_brouwer util-linux 2.11u



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:andries_brouwer:util-linux:2.11n:*:*:*:*:*:*:*",
              "matchCriteriaId": "5373C2C3-A866-4DF4-96D9-D00F5BF07D34",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:andries_brouwer:util-linux:2.11u:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CCBA2B8-6BD4-4D57-BE24-B18B32B4EAEF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A patch for mcookie in the util-linux package for Mandrake Linux 8.2 and 9.0 uses /dev/urandom instead of /dev/random, which causes mcookie to use an entropy source that is more predictable than expected, which may make it easier for certain types of attacks to succeed."
    }
  ],
  "id": "CVE-2003-0094",
  "lastModified": "2024-11-20T23:43:56.370",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2003-03-03T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:016"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/6855"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11318"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:016"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/6855"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11318"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2005-09-13 23:03
Modified
2024-11-21 00:00
Severity ?
Summary
umount in util-linux 2.8 to 2.12q, 2.13-pre1, and 2.13-pre2, and other packages such as loop-aes-utils, allows local users with unmount permissions to gain privileges via the -r (remount) option, which causes the file system to be remounted with just the read-only flag, which effectively clears the nosuid, nodev, and other flags.
References
secalert@redhat.com http://marc.info/?l=bugtraq&m=112656096125857&w=2
secalert@redhat.com http://marc.info/?l=bugtraq&m=112690609622266&w=2
secalert@redhat.com http://secunia.com/advisories/16785
secalert@redhat.com http://secunia.com/advisories/16988
secalert@redhat.com http://secunia.com/advisories/17004
secalert@redhat.com http://secunia.com/advisories/17027
secalert@redhat.com http://secunia.com/advisories/17133
secalert@redhat.com http://secunia.com/advisories/17154
secalert@redhat.com http://secunia.com/advisories/18502
secalert@redhat.com http://sunsolve.sun.com/search/document.do?assetkey=1-26-101960-1
secalert@redhat.com http://support.avaya.com/elmodocs2/security/ASA-2006-014.htm
secalert@redhat.com http://www.debian.org/security/2005/dsa-823
secalert@redhat.com http://www.debian.org/security/2005/dsa-825
secalert@redhat.com http://www.novell.com/linux/security/advisories/2005_21_sr.html
secalert@redhat.com http://www.osvdb.org/19369
secalert@redhat.com http://www.securityfocus.com/archive/1/419774/100/0/threaded
secalert@redhat.com http://www.securityfocus.com/bid/14816
secalert@redhat.com http://www.ubuntu.com/usn/usn-184-1
secalert@redhat.com https://exchange.xforce.ibmcloud.com/vulnerabilities/22241
secalert@redhat.com https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10921
af854a3a-2127-422b-91ae-364da2661108 http://marc.info/?l=bugtraq&m=112656096125857&w=2
af854a3a-2127-422b-91ae-364da2661108 http://marc.info/?l=bugtraq&m=112690609622266&w=2
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/16785
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/16988
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/17004
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/17027
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/17133
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/17154
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/18502
af854a3a-2127-422b-91ae-364da2661108 http://sunsolve.sun.com/search/document.do?assetkey=1-26-101960-1
af854a3a-2127-422b-91ae-364da2661108 http://support.avaya.com/elmodocs2/security/ASA-2006-014.htm
af854a3a-2127-422b-91ae-364da2661108 http://www.debian.org/security/2005/dsa-823
af854a3a-2127-422b-91ae-364da2661108 http://www.debian.org/security/2005/dsa-825
af854a3a-2127-422b-91ae-364da2661108 http://www.novell.com/linux/security/advisories/2005_21_sr.html
af854a3a-2127-422b-91ae-364da2661108 http://www.osvdb.org/19369
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/archive/1/419774/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/14816
af854a3a-2127-422b-91ae-364da2661108 http://www.ubuntu.com/usn/usn-184-1
af854a3a-2127-422b-91ae-364da2661108 https://exchange.xforce.ibmcloud.com/vulnerabilities/22241
af854a3a-2127-422b-91ae-364da2661108 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10921



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:andries_brouwer:util-linux:2.8.1_alpha:*:*:*:*:*:*:*",
              "matchCriteriaId": "33EBEAFD-9506-4F5D-B145-97A998752D10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:andries_brouwer:util-linux:2.8_12:*:*:*:*:*:*:*",
              "matchCriteriaId": "0FCE2B16-1699-4998-8AB9-CD6BD66D4EC4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:andries_brouwer:util-linux:2.9i:*:*:*:*:*:*:*",
              "matchCriteriaId": "8473B1B6-F64B-4A94-A436-AAB7C10912A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:andries_brouwer:util-linux:2.9w:*:*:*:*:*:*:*",
              "matchCriteriaId": "8996CAE7-3CFE-4481-B4F8-944A3B1B748A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:andries_brouwer:util-linux:2.10f:*:*:*:*:*:*:*",
              "matchCriteriaId": "95CBB57F-72BC-4899-A1F5-82A8BAF26B79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:andries_brouwer:util-linux:2.10m:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4ED60F9-A0E5-4049-8E3F-B7DC2A2F7D77",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:andries_brouwer:util-linux:2.10p:*:*:*:*:*:*:*",
              "matchCriteriaId": "73D64FC4-EE57-4C5A-ABC1-B8C6351585FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:andries_brouwer:util-linux:2.11f:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE56638F-4097-4754-80A8-88EC5DAB132A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:andries_brouwer:util-linux:2.11n:*:*:*:*:*:*:*",
              "matchCriteriaId": "5373C2C3-A866-4DF4-96D9-D00F5BF07D34",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:andries_brouwer:util-linux:2.11q:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4DD2A16-D7AA-45DC-8B19-C51BBEEE3AE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:andries_brouwer:util-linux:2.11r:*:*:*:*:*:*:*",
              "matchCriteriaId": "A57348A8-EA3B-4D7A-9156-94AFC9818EF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:andries_brouwer:util-linux:2.11w:*:*:*:*:*:*:*",
              "matchCriteriaId": "86899B54-F091-4D70-9297-3F3C027EDDC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:andries_brouwer:util-linux:2.11x:*:*:*:*:*:*:*",
              "matchCriteriaId": "664298E8-22D1-4080-8C5C-F66D0B00B5E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:andries_brouwer:util-linux:2.11y:*:*:*:*:*:*:*",
              "matchCriteriaId": "C3B84FF0-B48C-4373-B697-214FF6A74989",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:andries_brouwer:util-linux:2.11z:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE4519C9-569D-4466-B010-CCE9B1744323",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:andries_brouwer:util-linux:2.12a:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5A0D9EB-8FB6-41EB-9ED2-94B5C397430B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:andries_brouwer:util-linux:2.12b:*:*:*:*:*:*:*",
              "matchCriteriaId": "923880C5-C499-4F64-BA8E-F8388E03CF02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:andries_brouwer:util-linux:2.12i:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1575911-8617-400C-BDFD-1F230C366A9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:andries_brouwer:util-linux:2.12j:*:*:*:*:*:*:*",
              "matchCriteriaId": "823F2832-A2FC-4443-898E-207EB2D560E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:andries_brouwer:util-linux:2.12k:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CE5A6BC-B02A-4A9E-941A-6EDE3B96F5D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:andries_brouwer:util-linux:2.12o:*:*:*:*:*:*:*",
              "matchCriteriaId": "A81ECE3B-93A6-4A8E-92F8-3AE6DA1E4EE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:andries_brouwer:util-linux:2.12p:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FA7F4D3-1B94-46F0-B0BA-03B166823789",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:andries_brouwer:util-linux:2.12q:*:*:*:*:*:*:*",
              "matchCriteriaId": "07AB6672-CA16-4ACE-8939-AE833359FA3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:andries_brouwer:util-linux:2.13_pre1:*:*:*:*:*:*:*",
              "matchCriteriaId": "33AB7B0C-56BE-4B72-B413-05779FF3261E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:andries_brouwer:util-linux:2.13_pre2:*:*:*:*:*:*:*",
              "matchCriteriaId": "59EED347-3CB1-4F51-86E2-5350EDEC186E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "umount in util-linux 2.8 to 2.12q, 2.13-pre1, and 2.13-pre2, and other packages such as loop-aes-utils, allows local users with unmount permissions to gain privileges via the -r (remount) option, which causes the file system to be remounted with just the read-only flag, which effectively clears the nosuid, nodev, and other flags."
    }
  ],
  "id": "CVE-2005-2876",
  "lastModified": "2024-11-21T00:00:38.403",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2005-09-13T23:03:00.000",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://marc.info/?l=bugtraq\u0026m=112656096125857\u0026w=2"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://marc.info/?l=bugtraq\u0026m=112690609622266\u0026w=2"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/16785"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/16988"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/17004"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/17027"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/17133"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/17154"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/18502"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101960-1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-014.htm"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2005/dsa-823"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2005/dsa-825"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.novell.com/linux/security/advisories/2005_21_sr.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.osvdb.org/19369"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/archive/1/419774/100/0/threaded"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/14816"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.ubuntu.com/usn/usn-184-1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22241"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10921"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=112656096125857\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=112690609622266\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/16785"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/16988"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/17004"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/17027"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/17133"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/17154"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/18502"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101960-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-014.htm"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2005/dsa-823"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2005/dsa-825"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.novell.com/linux/security/advisories/2005_21_sr.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/19369"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/419774/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/14816"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/usn-184-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22241"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10921"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2001-10-08 04:00
Modified
2024-11-20 23:37
Severity ?
Summary
The PAM implementation in /bin/login of the util-linux package before 2.11 causes a password entry to be rewritten across multiple PAM calls, which could provide the credentials of one user to a different user, when used in certain PAM modules such as pam_limits.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:andries_brouwer:util-linux:2.10s:*:*:*:*:*:*:*",
              "matchCriteriaId": "861DAF15-48B3-42C0-B747-76967AE1918D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:andries_brouwer:util-linux:2.11f:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE56638F-4097-4754-80A8-88EC5DAB132A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:andries_brouwer:util-linux:2.11h:*:*:*:*:*:*:*",
              "matchCriteriaId": "3324A111-D5BC-4A81-8EF4-2E95AFAFD19D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:andries_brouwer:util-linux:2.11i:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F256A5F-8525-452F-BF47-8F916A65608C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:andries_brouwer:util-linux:2.11k:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A6AEAFC-F3AA-46CF-81CD-3CE5151CFC62",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The PAM implementation in /bin/login of the util-linux package before 2.11 causes a password entry to be rewritten across multiple PAM calls, which could provide the credentials of one user to a different user, when used in certain PAM modules such as pam_limits."
    }
  ],
  "id": "CVE-2001-1147",
  "lastModified": "2024-11-20T23:37:00.013",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2001-10-08T04:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://www.ciac.org/ciac/bulletins/m-009.shtml"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.iss.net/security_center/static/7266.php"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-084.php3"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.novell.com/linux/security/advisories/2001_034_shadow_txt.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2001-132.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/archive/1/219175"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/3415"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ciac.org/ciac/bulletins/m-009.shtml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.iss.net/security_center/static/7266.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-084.php3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.novell.com/linux/security/advisories/2001_034_shadow_txt.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2001-132.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/archive/1/219175"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/3415"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2004-03-03 05:00
Modified
2024-11-20 23:47
Severity ?
Summary
The login program in util-linux 2.11 and earlier uses a pointer after it has been freed and reallocated, which could cause login to leak sensitive data.
References
cve@mitre.org ftp://patches.sgi.com/support/free/security/advisories/20040201-01-U.asc
cve@mitre.org ftp://patches.sgi.com/support/free/security/advisories/20040406-01-U
cve@mitre.org http://marc.info/?l=bugtraq&m=108077689801698&w=2
cve@mitre.org http://marc.info/?l=bugtraq&m=108144719532385&w=2
cve@mitre.org http://secunia.com/advisories/10773
cve@mitre.org http://security.gentoo.org/glsa/glsa-200404-06.xml
cve@mitre.org http://www.kb.cert.org/vuls/id/801526 [US Government Resource]
cve@mitre.org http://www.osvdb.org/3796
cve@mitre.org http://www.redhat.com/support/errata/RHSA-2004-056.html [Patch, Vendor Advisory]
cve@mitre.org http://www.securityfocus.com/bid/9558 [Vendor Advisory]
cve@mitre.org https://exchange.xforce.ibmcloud.com/vulnerabilities/15016
af854a3a-2127-422b-91ae-364da2661108 ftp://patches.sgi.com/support/free/security/advisories/20040201-01-U.asc
af854a3a-2127-422b-91ae-364da2661108 ftp://patches.sgi.com/support/free/security/advisories/20040406-01-U
af854a3a-2127-422b-91ae-364da2661108 http://marc.info/?l=bugtraq&m=108077689801698&w=2
af854a3a-2127-422b-91ae-364da2661108 http://marc.info/?l=bugtraq&m=108144719532385&w=2
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/10773
af854a3a-2127-422b-91ae-364da2661108 http://security.gentoo.org/glsa/glsa-200404-06.xml
af854a3a-2127-422b-91ae-364da2661108 http://www.kb.cert.org/vuls/id/801526 [US Government Resource]
af854a3a-2127-422b-91ae-364da2661108 http://www.osvdb.org/3796
af854a3a-2127-422b-91ae-364da2661108 http://www.redhat.com/support/errata/RHSA-2004-056.html [Patch, Vendor Advisory]
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/9558 [Vendor Advisory]
af854a3a-2127-422b-91ae-364da2661108 https://exchange.xforce.ibmcloud.com/vulnerabilities/15016
Impacted products
Vendor Product Version
andries_brouwer util-linux *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:andries_brouwer:util-linux:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "00B08758-E846-4658-9CA0-0F9A3D18CEB0",
              "versionEndIncluding": "2.11",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The login program in util-linux 2.11 and earlier uses a pointer after it has been freed and reallocated, which could cause login to leak sensitive data."
    },
    {
      "lang": "es",
      "value": "El programa login en util-linux 2.11 y anteriores usa un puntero despu\u00e9s de haber sido liberado y reasignado, lo que podr\u00eda hacer que login filtrara datos sensibles."
    }
  ],
  "id": "CVE-2004-0080",
  "lastModified": "2024-11-20T23:47:43.240",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2004-03-03T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "ftp://patches.sgi.com/support/free/security/advisories/20040201-01-U.asc"
    },
    {
      "source": "cve@mitre.org",
      "url": "ftp://patches.sgi.com/support/free/security/advisories/20040406-01-U"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=108077689801698\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=108144719532385\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/10773"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://security.gentoo.org/glsa/glsa-200404-06.xml"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/801526"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/3796"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2004-056.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/9558"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15016"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "ftp://patches.sgi.com/support/free/security/advisories/20040201-01-U.asc"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "ftp://patches.sgi.com/support/free/security/advisories/20040406-01-U"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=108077689801698\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=108144719532385\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/10773"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-200404-06.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/801526"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/3796"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2004-056.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/9558"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15016"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2002-04-01 05:00
Modified
2024-11-20 23:37
Severity ?
Summary
vipw in the util-linux package before 2.10 causes /etc/shadow to be world-readable in some cases, which would make it easier for local users to perform brute force password guessing.
Impacted products
Vendor Product Version
andries_brouwer util-linux 2.10s
andries_brouwer util-linux 2.11d



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:andries_brouwer:util-linux:2.10s:*:*:*:*:*:*:*",
              "matchCriteriaId": "861DAF15-48B3-42C0-B747-76967AE1918D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:andries_brouwer:util-linux:2.11d:*:*:*:*:*:*:*",
              "matchCriteriaId": "4276FFC9-0B2E-4235-9ACD-0CE2FB81CF5E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "vipw in the util-linux package before 2.10 causes /etc/shadow to be world-readable in some cases, which would make it easier for local users to perform brute force password guessing."
    },
    {
      "lang": "es",
      "value": "vipw en el paquete util-linux anteriores a 2.10 permite que /etc/shadow sea legible por todos los usuarios en algunos casos, lo que har\u00eda f\u00e1cil a usuarios locales realizar ataques de fuerza bruta para adivinar contrase\u00f1as."
    }
  ],
  "id": "CVE-2001-1175",
  "lastModified": "2024-11-20T23:37:04.103",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2002-04-01T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2001-095.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2001-132.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/3036"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6851"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2001-095.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2001-132.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/3036"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6851"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2007-03-04 22:19
Modified
2024-11-21 00:24
Severity ?
Summary
login in util-linux-2.12a skips pam_acct_mgmt and chauth_tok when authentication is skipped, such as when a Kerberos krlogin session has been established, which might allow users to bypass intended access policies that would be enforced by pam_acct_mgmt and chauth_tok.
References
cve@mitre.org http://secunia.com/advisories/25098 [Vendor Advisory]
cve@mitre.org http://secunia.com/advisories/25530 [Vendor Advisory]
cve@mitre.org http://secunia.com/advisories/25692 [Vendor Advisory]
cve@mitre.org http://secunia.com/advisories/25935 [Vendor Advisory]
cve@mitre.org http://support.avaya.com/elmodocs2/security/ASA-2007-252.htm
cve@mitre.org http://www.mandriva.com/security/advisories?name=MDKSA-2007:111
cve@mitre.org http://www.redhat.com/support/errata/RHSA-2007-0235.html
cve@mitre.org http://www.securityfocus.com/bid/24321
cve@mitre.org https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=177331
cve@mitre.org https://issues.rpath.com/browse/RPL-1359
cve@mitre.org https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9689
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/25098 [Vendor Advisory]
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/25530 [Vendor Advisory]
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/25692 [Vendor Advisory]
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/25935 [Vendor Advisory]
af854a3a-2127-422b-91ae-364da2661108 http://support.avaya.com/elmodocs2/security/ASA-2007-252.htm
af854a3a-2127-422b-91ae-364da2661108 http://www.mandriva.com/security/advisories?name=MDKSA-2007:111
af854a3a-2127-422b-91ae-364da2661108 http://www.redhat.com/support/errata/RHSA-2007-0235.html
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/24321
af854a3a-2127-422b-91ae-364da2661108 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=177331
af854a3a-2127-422b-91ae-364da2661108 https://issues.rpath.com/browse/RPL-1359
af854a3a-2127-422b-91ae-364da2661108 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9689
Impacted products
Vendor Product Version
andries_brouwer util-linux 2.12a



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:andries_brouwer:util-linux:2.12a:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5A0D9EB-8FB6-41EB-9ED2-94B5C397430B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "login in util-linux-2.12a skips pam_acct_mgmt and chauth_tok when authentication is skipped, such as when a Kerberos krlogin session has been established, which might allow users to bypass intended access policies that would be enforced by pam_acct_mgmt and chauth_tok."
    },
    {
      "lang": "es",
      "value": "la entrada en util-linux-2.12a se salta pam_acct_mgmt y chauth_tok cuando la validaci\u00f3n es saltada, por ejemplo cuando se ha establecido una sesi\u00f3n del krlogin del Kerberos, lo cual podr\u00eda permitir a usuarios evitar las pol\u00edticas previstas de acceso que estar\u00edan forzadas por el pam_acct_mgmt y el chauth_tok."
    }
  ],
  "id": "CVE-2006-7108",
  "lastModified": "2024-11-21T00:24:24.903",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.1,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:M/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 2.7,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": true,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-03-04T22:19:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/25098"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/25530"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/25692"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/25935"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-252.htm"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:111"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2007-0235.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/24321"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=177331"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://issues.rpath.com/browse/RPL-1359"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9689"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/25098"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/25530"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/25692"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/25935"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-252.htm"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:111"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2007-0235.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/24321"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=177331"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://issues.rpath.com/browse/RPL-1359"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9689"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vendorComments": [
    {
      "comment": "Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.\n\nThis flaw has been rated as having a low  severity by the Red Hat Security Response Team.  More information about this rating can be found here:\nhttp://www.redhat.com/security/updates/classification/\n\nThis flaw is currently being tracked via the following bugs:\nhttps://bugzilla.redhat.com/show_bug.cgi?id=231449\nhttps://bugzilla.redhat.com/show_bug.cgi?id=231448\n\nThe risks associated with fixing this bug are greater than the low severity security risk. We therefore currently have no plans to fix this flaw in Red Hat Enterprise Linux 2.1 and 3 which are in maintenance mode.\n",
      "lastModified": "2007-09-07T00:00:00",
      "organization": "Red Hat"
    }
  ],
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}