6 results (0.012 seconds)

CVSS: 4.1EPSS: 0%CPEs: 1EXPL: 0

login in util-linux-2.12a skips pam_acct_mgmt and chauth_tok when authentication is skipped, such as when a Kerberos krlogin session has been established, which might allow users to bypass intended access policies that would be enforced by pam_acct_mgmt and chauth_tok. la entrada en util-linux-2.12a se salta pam_acct_mgmt y chauth_tok cuando la validación es saltada, por ejemplo cuando se ha establecido una sesión del krlogin del Kerberos, lo cual podría permitir a usuarios evitar las políticas previstas de acceso que estarían forzadas por el pam_acct_mgmt y el chauth_tok. • http://secunia.com/advisories/25098 http://secunia.com/advisories/25530 http://secunia.com/advisories/25692 http://secunia.com/advisories/25935 http://support.avaya.com/elmodocs2/security/ASA-2007-252.htm http://www.mandriva.com/security/advisories?name=MDKSA-2007:111 http://www.redhat.com/support/errata/RHSA-2007-0235.html http://www.securityfocus.com/bid/24321 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=177331 https://issues.rpath.com/browse/RPL-1359 https:/ • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 7.2EPSS: 0%CPEs: 25EXPL: 0

umount in util-linux 2.8 to 2.12q, 2.13-pre1, and 2.13-pre2, and other packages such as loop-aes-utils, allows local users with unmount permissions to gain privileges via the -r (remount) option, which causes the file system to be remounted with just the read-only flag, which effectively clears the nosuid, nodev, and other flags. • http://marc.info/?l=bugtraq&m=112656096125857&w=2 http://marc.info/?l=bugtraq&m=112690609622266&w=2 http://secunia.com/advisories/16785 http://secunia.com/advisories/16988 http://secunia.com/advisories/17004 http://secunia.com/advisories/17027 http://secunia.com/advisories/17133 http://secunia.com/advisories/17154 http://secunia.com/advisories/18502 http://sunsolve.sun.com/search/document.do?assetkey=1-26-101960-1 http://support.avaya.com/elmodocs2/security/ASA-2006 •

CVSS: 5.0EPSS: 1%CPEs: 1EXPL: 0

The login program in util-linux 2.11 and earlier uses a pointer after it has been freed and reallocated, which could cause login to leak sensitive data. El programa login en util-linux 2.11 y anteriores usa un puntero después de haber sido liberado y reasignado, lo que podría hacer que login filtrara datos sensibles. • ftp://patches.sgi.com/support/free/security/advisories/20040201-01-U.asc ftp://patches.sgi.com/support/free/security/advisories/20040406-01-U http://marc.info/?l=bugtraq&m=108077689801698&w=2 http://marc.info/?l=bugtraq&m=108144719532385&w=2 http://secunia.com/advisories/10773 http://security.gentoo.org/glsa/glsa-200404-06.xml http://www.kb.cert.org/vuls/id/801526 http://www.osvdb.org/3796 http://www.redhat.com/support/errata/RHSA-2004-056.html http:/&#x •

CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0

A patch for mcookie in the util-linux package for Mandrake Linux 8.2 and 9.0 uses /dev/urandom instead of /dev/random, which causes mcookie to use an entropy source that is more predictable than expected, which may make it easier for certain types of attacks to succeed. • http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:016 http://www.securityfocus.com/bid/6855 https://exchange.xforce.ibmcloud.com/vulnerabilities/11318 •

CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 0

vipw in the util-linux package before 2.10 causes /etc/shadow to be world-readable in some cases, which would make it easier for local users to perform brute force password guessing. vipw en el paquete util-linux anteriores a 2.10 permite que /etc/shawow sea legible por todos los usuarios en algunos casos, lo que haría facil a usuarios locales realizar ataques de fuerza bruta para adivinar contraseñas. • http://www.redhat.com/support/errata/RHSA-2001-095.html http://www.redhat.com/support/errata/RHSA-2001-132.html http://www.securityfocus.com/bid/3036 https://exchange.xforce.ibmcloud.com/vulnerabilities/6851 https://access.redhat.com/security/cve/CVE-2001-1175 https://bugzilla.redhat.com/show_bug.cgi?id=1616650 •