CVE-2014-9114
https://notcve.org/view.php?id=CVE-2014-9114
Blkid in util-linux before 2.26rc-1 allows local users to execute arbitrary code.
References:
• http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145188.html
• http://lists.fedoraproject.org/pipermail/package-announce/2014-December/146229.html
• http://lists.opensuse.org/opensuse-updates/2015-01/msg00035.html
• http://www.openwall.com/lists/oss-security/2014/11/26/21
• http://www.securityfocus.com/bid/71327
• https://bugzilla.redhat.com/show_bug.cgi?id=1168485
• https://exchange.xforce.ibmcloud.com/vulnerabilities/98993
• https://github.com/karelzak/util-linux/commit/89e90ae7b2826110ea28
CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2013-0157 – util-linux: mount folder existence information disclosure
https://notcve.org/view.php?id=CVE-2013-0157
(a) mount and (b) umount in util-linux 2.14.1, 2.17.2, and probably other versions allow local users to determine the existence of restricted directories by (1) using the --guess-fstype command-line option or (2) attempting to mount a non-existent device, which generates different error messages depending on whether the directory exists.
References:
• http://bugs.debian.org/697464
• http://marc.info/?l=oss-security&m=135749410312247&w=2
• http://osvdb.org/88953
• http://rhn.redhat.com/errata/RHSA-2013-0517.html
• http://www.mandriva.com/security/advisories?name=MDVSA-2013:154
• https://bugzilla.redhat.com/show_bug.cgi?id=892330
• https://access.redhat.com/security/cve/CVE-2013-0157
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2007-5191 – util-linux (u)mount doesn't drop privileges properly when calling helpers
https://notcve.org/view.php?id=CVE-2007-5191
mount and umount in util-linux and loop-aes-utils call the setuid and setgid functions in the wrong order and do not check the return values, which might allow attackers to gain privileges via helpers such as mount.nfs.
References:
• http://bugs.gentoo.org/show_bug.cgi?id=195390
• http://frontal2.mandriva.com/en/security/advisories?name=MDKSA-2007:198
• http://git.kernel.org/?p=utils/util-linux-ng/util-linux-ng.git%3Ba=commit%3Bh=ebbeb2c7ac1b00b6083905957837a271e80b187e
• http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00008.html
• http://lists.vmware.com/pipermail/security-announce/2008/000002.html
• http://secunia.com/advisories/27104
• http://secunia.com/advisories/27122
• http://secunia.com/advisories/27145
• http:/
CWE-252: Unchecked Return Value
CVE-2001-1494
https://notcve.org/view.php?id=CVE-2001-1494
script command in the util-linux package before 2.11n allows local users to overwrite arbitrary files by setting a hardlink from the typescript log file to any file on the system, then having root execute the script command.
References:
• http://seclists.org/bugtraq/2001/Dec/0122.html
• http://seclists.org/bugtraq/2001/Dec/0123.html
• http://secunia.com/advisories/16785
• http://secunia.com/advisories/18502
• http://support.avaya.com/elmodocs2/security/ASA-2006-014.htm
• http://www.redhat.com/support/errata/RHSA-2005-782.html
• http://www.securityfocus.com/bid/16280
• https://exchange.xforce.ibmcloud.com/vulnerabilities/7718
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10723
• https://a
CWE-59: Improper Link Resolution Before File Access ('Link Following')