CVSS: 9.8EPSS: 0%CPEs: 17EXPL: 2CVE-2011-1676 – Gentoo Linux Security Advisory 201405-15
https://notcve.org/view.php?id=CVE-2011-1676
10 Apr 2011 — mount in util-linux 2.19 and earlier does not remove the /etc/mtab.tmp file after a failed attempt to add a mount entry, which allows local users to trigger corruption of the /etc/mtab file via multiple invocations. mount in util-linux v2.19 y anteriores no elimina el fichero /etc/mtab.tmp después de un intento fallido de añadir un punto de montaje, lo que permite a usuarios locales provocar una corrupción del fichero /etc/mtab mediante múltiples llamadas. Multiple vulnerabilities have been found in util-li... • http://openwall.com/lists/oss-security/2011/03/04/10 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 0%CPEs: 17EXPL: 0CVE-2011-1677 – util-linux: umount may fail to remove /etc/mtab~ lock file
https://notcve.org/view.php?id=CVE-2011-1677
10 Apr 2011 — mount in util-linux 2.19 and earlier does not remove the /etc/mtab~ lock file after a failed attempt to add a mount entry, which has unspecified impact and local attack vectors. mount en util-linux v2.19 y anteriores no elimina el archivo lock /etc/mtab~ después de un intento fallido de añadir un punto de montaje, lo cual tiene un impacto no especificado y vectores de ataque locales. Multiple vulnerabilities have been found in util-linux, the worst of which may lead to Denial of Service. Versions less than ... • http://openwall.com/lists/oss-security/2011/03/04/10 •
CVSS: 9.8EPSS: 0%CPEs: 7EXPL: 0CVE-2007-5191 – util-linux (u)mount doesn't drop privileges properly when calling helpers
https://notcve.org/view.php?id=CVE-2007-5191
04 Oct 2007 — mount and umount in util-linux and loop-aes-utils call the setuid and setgid functions in the wrong order and do not check the return values, which might allow attackers to gain privileges via helpers such as mount.nfs. El montaje y desmontaje en util-linux y loop-aes-utils, llaman a las funciones setuid y setgid en el orden incorrecto y no comprueban los valores de retorno, lo que podría permitir a atacantes alcanzar privilegios por medio de asistentes como mount.nfs. • http://bugs.gentoo.org/show_bug.cgi?id=195390 • CWE-252: Unchecked Return Value •
CVSS: 7.8EPSS: 0%CPEs: 25EXPL: 0CVE-2005-2876
https://notcve.org/view.php?id=CVE-2005-2876
13 Sep 2005 — umount in util-linux 2.8 to 2.12q, 2.13-pre1, and 2.13-pre2, and other packages such as loop-aes-utils, allows local users with unmount permissions to gain privileges via the -r (remount) option, which causes the file system to be remounted with just the read-only flag, which effectively clears the nosuid, nodev, and other flags. • http://marc.info/?l=bugtraq&m=112656096125857&w=2 •
CVSS: 9.1EPSS: 1%CPEs: 1EXPL: 0CVE-2004-0080
https://notcve.org/view.php?id=CVE-2004-0080
03 Mar 2004 — The login program in util-linux 2.11 and earlier uses a pointer after it has been freed and reallocated, which could cause login to leak sensitive data. El programa login en util-linux 2.11 y anteriores usa un puntero después de haber sido liberado y reasignado, lo que podría hacer que login filtrara datos sensibles. • ftp://patches.sgi.com/support/free/security/advisories/20040201-01-U.asc •
CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 0CVE-2003-0094
https://notcve.org/view.php?id=CVE-2003-0094
03 Mar 2003 — A patch for mcookie in the util-linux package for Mandrake Linux 8.2 and 9.0 uses /dev/urandom instead of /dev/random, which causes mcookie to use an entropy source that is more predictable than expected, which may make it easier for certain types of attacks to succeed. • http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:016 •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2001-1175
https://notcve.org/view.php?id=CVE-2001-1175
01 Apr 2002 — vipw in the util-linux package before 2.10 causes /etc/shadow to be world-readable in some cases, which would make it easier for local users to perform brute force password guessing. vipw en el paquete util-linux anteriores a 2.10 permite que /etc/shawow sea legible por todos los usuarios en algunos casos, lo que haría facil a usuarios locales realizar ataques de fuerza bruta para adivinar contraseñas. • http://www.redhat.com/support/errata/RHSA-2001-095.html •
CVSS: 7.2EPSS: 0%CPEs: 7EXPL: 0CVE-2001-1494
https://notcve.org/view.php?id=CVE-2001-1494
31 Dec 2001 — script command in the util-linux package before 2.11n allows local users to overwrite arbitrary files by setting a hardlink from the typescript log file to any file on the system, then having root execute the script command. • http://seclists.org/bugtraq/2001/Dec/0122.html • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.2EPSS: 0%CPEs: 5EXPL: 0CVE-2001-1147
https://notcve.org/view.php?id=CVE-2001-1147
08 Oct 2001 — The PAM implementation in /bin/login of the util-linux package before 2.11 causes a password entry to be rewritten across multiple PAM calls, which could provide the credentials of one user to a different user, when used in certain PAM modules such as pam_limits. • http://www.ciac.org/ciac/bulletins/m-009.shtml •