CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-7738
https://notcve.org/view.php?id=CVE-2018-7738
In util-linux before 2.32-rc1, bash-completion/umount allows local users to gain privileges by embedding shell commands in a mountpoint name, which is mishandled during a umount command (within Bash) by a different user, as demonstrated by logging in as root and entering umount followed by a tab character for autocompletion. En util-linux, en versiones anteriores a la 2.32-rc1, bash-completion/umount permite que usuarios locales obtengan privilegios embebiendo comandos shell en un nombre mountpoint, que se gestiona de manera incorrecta durante un comando umount (en Bash) ejecutado por otro usuario. Esto se demuestra iniciando sesión como root y escribiendo unmount, seguido por un carácter de tabulador para autocompletar. • http://www.securityfocus.com/bid/103367 https://bugs.debian.org/892179 https://github.com/karelzak/util-linux/commit/75f03badd7ed9f1dd951863d75e756883d3acc55 https://github.com/karelzak/util-linux/issues/539 https://usn.ubuntu.com/4512-1 https://www.debian.org/security/2018/dsa-4134 •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2015-5224
https://notcve.org/view.php?id=CVE-2015-5224
The mkostemp function in login-utils in util-linux when used incorrectly allows remote attackers to cause file name collision and possibly other attacks. La función mkostemp en login-utils en util-linux, al usarse de forma incorrecta, permite que atacantes remotos provoquen una colisión de nombre de archivo y, posiblemente, otros ataques. • http://www.openwall.com/lists/oss-security/2015/08/24/3 http://www.securityfocus.com/bid/76467 https://bugzilla.redhat.com/show_bug.cgi?id=1256686 https://github.com/karelzak/util-linux/commit/bde91c85bdc77975155058276f99d2e0f5eab5a9 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-2779
https://notcve.org/view.php?id=CVE-2016-2779
runuser in util-linux allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer. runuser en util-linux permite a usuarios locales escapar a la sesión principal a través de una llamada ioctl TIOCSTI manipulada, que empuja caracteres al búfer de entrada del terminal. • http://www.openwall.com/lists/oss-security/2016/02/27/1 http://www.openwall.com/lists/oss-security/2016/02/27/2 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=815922 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.9EPSS: 0%CPEs: 19EXPL: 0CVE-2016-5011 – util-linux: Extended partition loop in MBR partition table leads to DOS
https://notcve.org/view.php?id=CVE-2016-5011
The parse_dos_extended function in partitions/dos.c in the libblkid library in util-linux allows physically proximate attackers to cause a denial of service (memory consumption) via a crafted MSDOS partition table with an extended partition boot record at zero offset. La función parse_dos_extended en partitions/dos.c en la biblioteca libblkid en util-linux permite a atacantes físicamente próximos provocar una denegación de servicio (consumo de memoria) a través de una tabla de particiones MSDOS manipulada con un registro de arranque de partición extendida en desplazamiento cero. It was found that util-linux's libblkid library did not properly handle Extended Boot Record (EBR) partitions when reading MS-DOS partition tables. An attacker with physical USB access to a protected machine could insert a storage device with a specially crafted partition table that could, for example, trigger an infinite loop in systemd-udevd, resulting in a denial of service on that machine. • http://rhn.redhat.com/errata/RHSA-2016-2605.html http://www-01.ibm.com/support/docview.wss?uid=isg3T1024543 http://www-01.ibm.com/support/docview.wss?uid=nas8N1021801 http://www.openwall.com/lists/oss-security/2016/07/11/2 http://www.securityfocus.com/bid/91683 http://www.securitytracker.com/id/1036272 https://git.kernel.org/pub/scm/utils/util-linux/util-linux.git/commit/?id=7164a1c3 https://access.redhat.com/security/cve/CVE-2016-5011 https://bugzilla.redhat. •
CVSS: 2.1EPSS: 0%CPEs: 4EXPL: 1CVE-2015-5218
https://notcve.org/view.php?id=CVE-2015-5218
Buffer overflow in text-utils/colcrt.c in colcrt in util-linux before 2.27 allows local users to cause a denial of service (crash) via a crafted file, related to the page global variable. Desbordamiento de buffer en text-utils/colcrt.c en colcrt en util-linux en versiones anteriores a 2.27 permite a usuarios locales causar una denegación de servicio (caída) a través de un archivo manipulado, relacionado con la variable page global. • http://lists.opensuse.org/opensuse-updates/2015-11/msg00035.html http://www.spinics.net/lists/util-linux-ng/msg11873.html https://bugzilla.redhat.com/show_bug.cgi?id=1259322 https://github.com/kerolasa/lelux-utiliteetit/commit/70e3fcf293c1827a2655a86584ab13075124a8a8 https://github.com/kerolasa/lelux-utiliteetit/commit/d883d64d96ab9bef510745d064a351145b9babec https://www.kernel.org/pub/linux/utils/util-linux/v2.27/v2.27-ReleaseNotes • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •