CVE-2008-5394 – Debian - Symlink In Login Arbitrary File Ownership
https://notcve.org/view.php?id=CVE-2008-5394
/bin/login in shadow 4.0.18.1 in Debian GNU/Linux, and probably other Linux distributions, allows local users in the utmp group to overwrite arbitrary files via a symlink attack on a temporary file referenced in a line (aka ut_line) field in a utmp entry. /bin/login en shadow 4.0.18.1 en Debian GNU/Linux, y probablemente otras distribuciones de Linux, permiten a los usuarios locales en el el grupo utmp sobrescribir arbitrariamente archivos a través de un ataque de enlace simbólico en un archivo temporal referenciado en un campo línea (alias ut_line) en una entrada utmp. • https://www.exploit-db.com/exploits/7313 http://bugs.debian.org/332198 http://bugs.debian.org/505071 http://bugs.debian.org/505271 http://osvdb.org/52200 http://security.gentoo.org/glsa/glsa-200903-24.xml http://securityreason.com/securityalert/4695 http://www.mandriva.com/security/advisories?name=MDVSA-2009:062 http://www.securityfocus.com/archive/1/498769/100/0/threaded http://www.securityfocus.com/bid/32552 http://www.ubuntu.com/usn/usn-695-1 https:// • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2006-1174
https://notcve.org/view.php?id=CVE-2006-1174
useradd in shadow-utils before 4.0.3, and possibly other versions before 4.0.8, does not provide a required argument to the open function when creating a new user mailbox, which causes the mailbox to be created with unpredictable permissions and possibly allows attackers to read or modify the mailbox. • ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc http://cvs.pld.org.pl/shadow/NEWS?rev=1.109 http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html http://secunia.com/advisories/20370 http://secunia.com/advisories/20506 http://secunia.com/advisories/25098 http://secunia.com/advisories/25267 http://secunia.com/advisories/25629 http://secunia.com/advisories/25894 http://secunia.com/advisories/25896 http://secunia.com/advisories • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2006-1844
https://notcve.org/view.php?id=CVE-2006-1844
The Debian installer for the (1) shadow 4.0.14 and (2) base-config 2.53.10 packages includes sensitive information in world-readable log files, including preseeded passwords and pppoeconf passwords, which might allow local users to gain privileges. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=356939 http://secunia.com/advisories/19170 http://www.osvdb.org/23922 •
CVE-2004-1001
https://notcve.org/view.php?id=CVE-2004-1001
Unknown vulnerability in the passwd_check function in Shadow 4.0.4.1, and possibly other versions before 4.0.5, allows local users to conduct unauthorized activities when an error from a pam_chauthtok function call is not properly handled. • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000894 http://secunia.com/advisories/13028 http://www.debian.org/security/2004/dsa-585 https://exchange.xforce.ibmcloud.com/vulnerabilities/17902 •