
CVE-2011-1675 – util-linux: mount fails to anticipate RLIMIT_FSIZE
https://notcve.org/view.php?id=CVE-2011-1675
10 Apr 2011 — mount in util-linux 2.19 and earlier attempts to append to the /etc/mtab.tmp file without first checking whether resource limits would interfere, which allows local users to trigger corruption of the /etc/mtab file via a process with a small RLIMIT_FSIZE value, a related issue to CVE-2011-1089. • http://openwall.com/lists/oss-security/2011/03/04/10 • CWE-399: Resource Management Errors •

CVE-2011-1677 – util-linux: umount may fail to remove /etc/mtab~ lock file
https://notcve.org/view.php?id=CVE-2011-1677
10 Apr 2011 — mount in util-linux 2.19 and earlier does not remove the /etc/mtab~ lock file after a failed attempt to add a mount entry, which has unspecified impact and local attack vectors. Multiple vulnerabilities have been found in util-linux, the worst of which may lead to Denial of Service. Versions less than ... • http://openwall.com/lists/oss-security/2011/03/04/10 •

CVE-2007-5191 – util-linux (u)mount doesn't drop privileges properly when calling helpers
https://notcve.org/view.php?id=CVE-2007-5191
04 Oct 2007 — mount and umount in util-linux and loop-aes-utils call the setuid and setgid functions in the wrong order and do not check the return values, which might allow attackers to gain privileges via helpers such as mount.nfs. • http://bugs.gentoo.org/show_bug.cgi?id=195390 • CWE-252: Unchecked Return Value •

CVE-2004-0080
https://notcve.org/view.php?id=CVE-2004-0080
03 Mar 2004 — The login program in util-linux 2.11 and earlier uses a pointer after it has been freed and reallocated, which could cause login to leak sensitive data. • ftp://patches.sgi.com/support/free/security/advisories/20040201-01-U.asc •

CVE-2001-1494
https://notcve.org/view.php?id=CVE-2001-1494
31 Dec 2001 — script command in the util-linux package before 2.11n allows local users to overwrite arbitrary files by setting a hardlink from the typescript log file to any file on the system, then having root execute the script command. • http://seclists.org/bugtraq/2001/Dec/0122.html • CWE-59: Improper Link Resolution Before File Access ('Link Following') •