CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2013-0157 – util-linux: mount folder existence information disclosure
https://notcve.org/view.php?id=CVE-2013-0157
21 Jan 2014 — (a) mount and (b) umount in util-linux 2.14.1, 2.17.2, and probably other versions allow local users to determine the existence of restricted directories by (1) using the --guess-fstype command-line option or (2) attempting to mount a non-existent device, which generates different error messages depending on whether the directory exists. (a) mount y (b) unmount en util-linux 2.14.1, 2.17.2, y probablemente otras versiones permite a usuarios locales determinar la existencia de directorios restringidos median... • http://bugs.debian.org/697464 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 0%CPEs: 17EXPL: 0CVE-2011-1675 – util-linux: mount fails to anticipate RLIMIT_FSIZE
https://notcve.org/view.php?id=CVE-2011-1675
10 Apr 2011 — mount in util-linux 2.19 and earlier attempts to append to the /etc/mtab.tmp file without first checking whether resource limits would interfere, which allows local users to trigger corruption of the /etc/mtab file via a process with a small RLIMIT_FSIZE value, a related issue to CVE-2011-1089. mount in util-linux v2.19 y anteriores, intenta añadir al fichero /etc/mtab.tmp sin primero comprobar si los limites del recurso interfieren, lo que permite a usuarios locales provocar una corrupción del fichero /etc... • http://openwall.com/lists/oss-security/2011/03/04/10 • CWE-399: Resource Management Errors •
CVSS: 9.8EPSS: 0%CPEs: 17EXPL: 2CVE-2011-1676 – Gentoo Linux Security Advisory 201405-15
https://notcve.org/view.php?id=CVE-2011-1676
10 Apr 2011 — mount in util-linux 2.19 and earlier does not remove the /etc/mtab.tmp file after a failed attempt to add a mount entry, which allows local users to trigger corruption of the /etc/mtab file via multiple invocations. mount in util-linux v2.19 y anteriores no elimina el fichero /etc/mtab.tmp después de un intento fallido de añadir un punto de montaje, lo que permite a usuarios locales provocar una corrupción del fichero /etc/mtab mediante múltiples llamadas. Multiple vulnerabilities have been found in util-li... • http://openwall.com/lists/oss-security/2011/03/04/10 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 0%CPEs: 17EXPL: 0CVE-2011-1677 – util-linux: umount may fail to remove /etc/mtab~ lock file
https://notcve.org/view.php?id=CVE-2011-1677
10 Apr 2011 — mount in util-linux 2.19 and earlier does not remove the /etc/mtab~ lock file after a failed attempt to add a mount entry, which has unspecified impact and local attack vectors. mount en util-linux v2.19 y anteriores no elimina el archivo lock /etc/mtab~ después de un intento fallido de añadir un punto de montaje, lo cual tiene un impacto no especificado y vectores de ataque locales. Multiple vulnerabilities have been found in util-linux, the worst of which may lead to Denial of Service. Versions less than ... • http://openwall.com/lists/oss-security/2011/03/04/10 •
CVSS: 9.8EPSS: 1%CPEs: 5EXPL: 0CVE-2008-1926 – util-linux: audit log injection via login
https://notcve.org/view.php?id=CVE-2008-1926
23 Apr 2008 — Argument injection vulnerability in login (login-utils/login.c) in util-linux-ng 2.14 and earlier makes it easier for remote attackers to hide activities by modifying portions of log events, as demonstrated by appending an "addr=" statement to the login name, aka "audit log injection." Vulnerabilidad de inyección de argumento en login (login-utils/login.c) de util-linux-ng 2.14 y anteriores, hace que atacantes remotos puedan esconder fácilmente sus actividades modificando partes del log de sucesos, como se ... • http://git.kernel.org/?p=utils/util-linux-ng/util-linux-ng.git%3Ba=blobdiff%3Bf=login-utils/login.c%3Bh=230121316d953c59e7842c1325f6e9f326a37608%3Bhp=aad27794327c60391b5148b367d2c79338fc6ee4%3Bhb=8ccf0b253ac0f4f58d64bc9674de18bff5a88782%3Bhpb=3a4a13b12a8065b0b5354686d2807cce421a9973 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: 7EXPL: 0CVE-2007-5191 – util-linux (u)mount doesn't drop privileges properly when calling helpers
https://notcve.org/view.php?id=CVE-2007-5191
04 Oct 2007 — mount and umount in util-linux and loop-aes-utils call the setuid and setgid functions in the wrong order and do not check the return values, which might allow attackers to gain privileges via helpers such as mount.nfs. El montaje y desmontaje en util-linux y loop-aes-utils, llaman a las funciones setuid y setgid en el orden incorrecto y no comprueban los valores de retorno, lo que podría permitir a atacantes alcanzar privilegios por medio de asistentes como mount.nfs. • http://bugs.gentoo.org/show_bug.cgi?id=195390 • CWE-252: Unchecked Return Value •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2006-7108
https://notcve.org/view.php?id=CVE-2006-7108
04 Mar 2007 — login in util-linux-2.12a skips pam_acct_mgmt and chauth_tok when authentication is skipped, such as when a Kerberos krlogin session has been established, which might allow users to bypass intended access policies that would be enforced by pam_acct_mgmt and chauth_tok. la entrada en util-linux-2.12a se salta pam_acct_mgmt y chauth_tok cuando la validación es saltada, por ejemplo cuando se ha establecido una sesión del krlogin del Kerberos, lo cual podría permitir a usuarios evitar las políticas previstas de... • http://secunia.com/advisories/25098 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 0%CPEs: 25EXPL: 0CVE-2005-2876
https://notcve.org/view.php?id=CVE-2005-2876
13 Sep 2005 — umount in util-linux 2.8 to 2.12q, 2.13-pre1, and 2.13-pre2, and other packages such as loop-aes-utils, allows local users with unmount permissions to gain privileges via the -r (remount) option, which causes the file system to be remounted with just the read-only flag, which effectively clears the nosuid, nodev, and other flags. • http://marc.info/?l=bugtraq&m=112656096125857&w=2 •
CVSS: 9.1EPSS: 1%CPEs: 1EXPL: 0CVE-2004-0080
https://notcve.org/view.php?id=CVE-2004-0080
03 Mar 2004 — The login program in util-linux 2.11 and earlier uses a pointer after it has been freed and reallocated, which could cause login to leak sensitive data. El programa login en util-linux 2.11 y anteriores usa un puntero después de haber sido liberado y reasignado, lo que podría hacer que login filtrara datos sensibles. • ftp://patches.sgi.com/support/free/security/advisories/20040201-01-U.asc •
CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 0CVE-2003-0094
https://notcve.org/view.php?id=CVE-2003-0094
03 Mar 2003 — A patch for mcookie in the util-linux package for Mandrake Linux 8.2 and 9.0 uses /dev/urandom instead of /dev/random, which causes mcookie to use an entropy source that is more predictable than expected, which may make it easier for certain types of attacks to succeed. • http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:016 •