CVSS: 9.8EPSS: 0%CPEs: 17EXPL: 2CVE-2011-1676 – Gentoo Linux Security Advisory 201405-15
https://notcve.org/view.php?id=CVE-2011-1676
10 Apr 2011 — mount in util-linux 2.19 and earlier does not remove the /etc/mtab.tmp file after a failed attempt to add a mount entry, which allows local users to trigger corruption of the /etc/mtab file via multiple invocations. mount in util-linux v2.19 y anteriores no elimina el fichero /etc/mtab.tmp después de un intento fallido de añadir un punto de montaje, lo que permite a usuarios locales provocar una corrupción del fichero /etc/mtab mediante múltiples llamadas. Multiple vulnerabilities have been found in util-li... • http://openwall.com/lists/oss-security/2011/03/04/10 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 0%CPEs: 17EXPL: 0CVE-2011-1677 – util-linux: umount may fail to remove /etc/mtab~ lock file
https://notcve.org/view.php?id=CVE-2011-1677
10 Apr 2011 — mount in util-linux 2.19 and earlier does not remove the /etc/mtab~ lock file after a failed attempt to add a mount entry, which has unspecified impact and local attack vectors. mount en util-linux v2.19 y anteriores no elimina el archivo lock /etc/mtab~ después de un intento fallido de añadir un punto de montaje, lo cual tiene un impacto no especificado y vectores de ataque locales. Multiple vulnerabilities have been found in util-linux, the worst of which may lead to Denial of Service. Versions less than ... • http://openwall.com/lists/oss-security/2011/03/04/10 •
CVSS: 9.8EPSS: 1%CPEs: 5EXPL: 0CVE-2008-1926 – util-linux: audit log injection via login
https://notcve.org/view.php?id=CVE-2008-1926
23 Apr 2008 — Argument injection vulnerability in login (login-utils/login.c) in util-linux-ng 2.14 and earlier makes it easier for remote attackers to hide activities by modifying portions of log events, as demonstrated by appending an "addr=" statement to the login name, aka "audit log injection." Vulnerabilidad de inyección de argumento en login (login-utils/login.c) de util-linux-ng 2.14 y anteriores, hace que atacantes remotos puedan esconder fácilmente sus actividades modificando partes del log de sucesos, como se ... • http://git.kernel.org/?p=utils/util-linux-ng/util-linux-ng.git%3Ba=blobdiff%3Bf=login-utils/login.c%3Bh=230121316d953c59e7842c1325f6e9f326a37608%3Bhp=aad27794327c60391b5148b367d2c79338fc6ee4%3Bhb=8ccf0b253ac0f4f58d64bc9674de18bff5a88782%3Bhpb=3a4a13b12a8065b0b5354686d2807cce421a9973 • CWE-94: Improper Control of Generation of Code ('Code Injection') •