Page 3 of 15 results (0.004 seconds)

CVSS: 3.3EPSS: 0%CPEs: 17EXPL: 0

CVE-2011-1675 – util-linux: mount fails to anticipate RLIMIT_FSIZE

https://notcve.org/view.php?id=CVE-2011-1675

mount in util-linux 2.19 and earlier attempts to append to the /etc/mtab.tmp file without first checking whether resource limits would interfere, which allows local users to trigger corruption of the /etc/mtab file via a process with a small RLIMIT_FSIZE value, a related issue to CVE-2011-1089. mount in util-linux v2.19 y anteriores, intenta añadir al fichero /etc/mtab.tmp sin primero comprobar si los limites del recurso interfieren, lo que permite a usuarios locales provocar una corrupción del fichero /etc/mtab mediante un proceso con un valor RLIMIT_FSIZE pequeño, un asunto relacionado con CVE-2011-1089. • http://openwall.com/lists/oss-security/2011/03/04/10 http://openwall.com/lists/oss-security/2011/03/04/11 http://openwall.com/lists/oss-security/2011/03/04/12 http://openwall.com/lists/oss-security/2011/03/04/9 http://openwall.com/lists/oss-security/2011/03/05/3 http://openwall.com/lists/oss-security/2011/03/05/7 http://openwall.com/lists/oss-security/2011/03/07/9 http://openwall.com/lists/oss-security/2011/03/14/16 http://openwall • CWE-399: Resource Management Errors •

CVSS: 4.6EPSS: 0%CPEs: 17EXPL: 0

CVE-2011-1677 – util-linux: umount may fail to remove /etc/mtab~ lock file

https://notcve.org/view.php?id=CVE-2011-1677

mount in util-linux 2.19 and earlier does not remove the /etc/mtab~ lock file after a failed attempt to add a mount entry, which has unspecified impact and local attack vectors. mount en util-linux v2.19 y anteriores no elimina el archivo lock /etc/mtab~ después de un intento fallido de añadir un punto de montaje, lo cual tiene un impacto no especificado y vectores de ataque locales. • http://openwall.com/lists/oss-security/2011/03/04/10 http://openwall.com/lists/oss-security/2011/03/04/11 http://openwall.com/lists/oss-security/2011/03/04/12 http://openwall.com/lists/oss-security/2011/03/04/9 http://openwall.com/lists/oss-security/2011/03/05/3 http://openwall.com/lists/oss-security/2011/03/05/7 http://openwall.com/lists/oss-security/2011/03/07/9 http://openwall.com/lists/oss-security/2011/03/14/16 http://openwall •

CVSS: 7.2EPSS: 0%CPEs: 7EXPL: 0

CVE-2007-5191 – util-linux (u)mount doesn't drop privileges properly when calling helpers

https://notcve.org/view.php?id=CVE-2007-5191

mount and umount in util-linux and loop-aes-utils call the setuid and setgid functions in the wrong order and do not check the return values, which might allow attackers to gain privileges via helpers such as mount.nfs. El montaje y desmontaje en util-linux y loop-aes-utils, llaman a las funciones setuid y setgid en el orden incorrecto y no comprueban los valores de retorno, lo que podría permitir a atacantes alcanzar privilegios por medio de asistentes como mount.nfs. • http://bugs.gentoo.org/show_bug.cgi?id=195390 http://frontal2.mandriva.com/en/security/advisories?name=MDKSA-2007:198 http://git.kernel.org/?p=utils/util-linux-ng/util-linux-ng.git%3Ba=commit%3Bh=ebbeb2c7ac1b00b6083905957837a271e80b187e http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00008.html http://lists.vmware.com/pipermail/security-announce/2008/000002.html http://secunia.com/advisories/27104 http://secunia.com/advisories/27122 http://secunia.com/advisories/27145 http:/ • CWE-252: Unchecked Return Value •

CVSS: 5.0EPSS: 1%CPEs: 1EXPL: 0

CVE-2004-0080

https://notcve.org/view.php?id=CVE-2004-0080

The login program in util-linux 2.11 and earlier uses a pointer after it has been freed and reallocated, which could cause login to leak sensitive data. El programa login en util-linux 2.11 y anteriores usa un puntero después de haber sido liberado y reasignado, lo que podría hacer que login filtrara datos sensibles. • ftp://patches.sgi.com/support/free/security/advisories/20040201-01-U.asc ftp://patches.sgi.com/support/free/security/advisories/20040406-01-U http://marc.info/?l=bugtraq&m=108077689801698&w=2 http://marc.info/?l=bugtraq&m=108144719532385&w=2 http://secunia.com/advisories/10773 http://security.gentoo.org/glsa/glsa-200404-06.xml http://www.kb.cert.org/vuls/id/801526 http://www.osvdb.org/3796 http://www.redhat.com/support/errata/RHSA-2004-056.html http:/&#x •

CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0

CVE-2001-1494

https://notcve.org/view.php?id=CVE-2001-1494

script command in the util-linux package before 2.11n allows local users to overwrite arbitrary files by setting a hardlink from the typescript log file to any file on the system, then having root execute the script command. • http://seclists.org/bugtraq/2001/Dec/0122.html http://seclists.org/bugtraq/2001/Dec/0123.html http://secunia.com/advisories/16785 http://secunia.com/advisories/18502 http://support.avaya.com/elmodocs2/security/ASA-2006-014.htm http://www.redhat.com/support/errata/RHSA-2005-782.html http://www.securityfocus.com/bid/16280 https://exchange.xforce.ibmcloud.com/vulnerabilities/7718 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10723 https://a • CWE-59: Improper Link Resolution Before File Access ('Link Following') •