CVSS: 9.8EPSS: 0%CPEs: 17EXPL: 2CVE-2011-1676 – Gentoo Linux Security Advisory 201405-15
https://notcve.org/view.php?id=CVE-2011-1676
10 Apr 2011 — mount in util-linux 2.19 and earlier does not remove the /etc/mtab.tmp file after a failed attempt to add a mount entry, which allows local users to trigger corruption of the /etc/mtab file via multiple invocations. mount in util-linux v2.19 y anteriores no elimina el fichero /etc/mtab.tmp después de un intento fallido de añadir un punto de montaje, lo que permite a usuarios locales provocar una corrupción del fichero /etc/mtab mediante múltiples llamadas. Multiple vulnerabilities have been found in util-li... • http://openwall.com/lists/oss-security/2011/03/04/10 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 0%CPEs: 17EXPL: 0CVE-2011-1677 – util-linux: umount may fail to remove /etc/mtab~ lock file
https://notcve.org/view.php?id=CVE-2011-1677
10 Apr 2011 — mount in util-linux 2.19 and earlier does not remove the /etc/mtab~ lock file after a failed attempt to add a mount entry, which has unspecified impact and local attack vectors. mount en util-linux v2.19 y anteriores no elimina el archivo lock /etc/mtab~ después de un intento fallido de añadir un punto de montaje, lo cual tiene un impacto no especificado y vectores de ataque locales. Multiple vulnerabilities have been found in util-linux, the worst of which may lead to Denial of Service. Versions less than ... • http://openwall.com/lists/oss-security/2011/03/04/10 •
CVSS: 9.8EPSS: 1%CPEs: 5EXPL: 0CVE-2008-1926 – util-linux: audit log injection via login
https://notcve.org/view.php?id=CVE-2008-1926
23 Apr 2008 — Argument injection vulnerability in login (login-utils/login.c) in util-linux-ng 2.14 and earlier makes it easier for remote attackers to hide activities by modifying portions of log events, as demonstrated by appending an "addr=" statement to the login name, aka "audit log injection." Vulnerabilidad de inyección de argumento en login (login-utils/login.c) de util-linux-ng 2.14 y anteriores, hace que atacantes remotos puedan esconder fácilmente sus actividades modificando partes del log de sucesos, como se ... • http://git.kernel.org/?p=utils/util-linux-ng/util-linux-ng.git%3Ba=blobdiff%3Bf=login-utils/login.c%3Bh=230121316d953c59e7842c1325f6e9f326a37608%3Bhp=aad27794327c60391b5148b367d2c79338fc6ee4%3Bhb=8ccf0b253ac0f4f58d64bc9674de18bff5a88782%3Bhpb=3a4a13b12a8065b0b5354686d2807cce421a9973 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: 7EXPL: 0CVE-2007-5191 – util-linux (u)mount doesn't drop privileges properly when calling helpers
https://notcve.org/view.php?id=CVE-2007-5191
04 Oct 2007 — mount and umount in util-linux and loop-aes-utils call the setuid and setgid functions in the wrong order and do not check the return values, which might allow attackers to gain privileges via helpers such as mount.nfs. El montaje y desmontaje en util-linux y loop-aes-utils, llaman a las funciones setuid y setgid en el orden incorrecto y no comprueban los valores de retorno, lo que podría permitir a atacantes alcanzar privilegios por medio de asistentes como mount.nfs. • http://bugs.gentoo.org/show_bug.cgi?id=195390 • CWE-252: Unchecked Return Value •
CVSS: 7.8EPSS: 0%CPEs: 25EXPL: 0CVE-2005-2876
https://notcve.org/view.php?id=CVE-2005-2876
13 Sep 2005 — umount in util-linux 2.8 to 2.12q, 2.13-pre1, and 2.13-pre2, and other packages such as loop-aes-utils, allows local users with unmount permissions to gain privileges via the -r (remount) option, which causes the file system to be remounted with just the read-only flag, which effectively clears the nosuid, nodev, and other flags. • http://marc.info/?l=bugtraq&m=112656096125857&w=2 •