CVE-2007-5191 – util-linux (u)mount doesn't drop privileges properly when calling helpers
https://notcve.org/view.php?id=CVE-2007-5191
mount and umount in util-linux and loop-aes-utils call the setuid and setgid functions in the wrong order and do not check the return values, which might allow attackers to gain privileges via helpers such as mount.nfs. El montaje y desmontaje en util-linux y loop-aes-utils, llaman a las funciones setuid y setgid en el orden incorrecto y no comprueban los valores de retorno, lo que podría permitir a atacantes alcanzar privilegios por medio de asistentes como mount.nfs. • http://bugs.gentoo.org/show_bug.cgi?id=195390 http://frontal2.mandriva.com/en/security/advisories?name=MDKSA-2007:198 http://git.kernel.org/?p=utils/util-linux-ng/util-linux-ng.git%3Ba=commit%3Bh=ebbeb2c7ac1b00b6083905957837a271e80b187e http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00008.html http://lists.vmware.com/pipermail/security-announce/2008/000002.html http://secunia.com/advisories/27104 http://secunia.com/advisories/27122 http://secunia.com/advisories/27145 http:/ • CWE-252: Unchecked Return Value •
CVE-2006-7108
https://notcve.org/view.php?id=CVE-2006-7108
login in util-linux-2.12a skips pam_acct_mgmt and chauth_tok when authentication is skipped, such as when a Kerberos krlogin session has been established, which might allow users to bypass intended access policies that would be enforced by pam_acct_mgmt and chauth_tok. la entrada en util-linux-2.12a se salta pam_acct_mgmt y chauth_tok cuando la validación es saltada, por ejemplo cuando se ha establecido una sesión del krlogin del Kerberos, lo cual podría permitir a usuarios evitar las políticas previstas de acceso que estarían forzadas por el pam_acct_mgmt y el chauth_tok. • http://secunia.com/advisories/25098 http://secunia.com/advisories/25530 http://secunia.com/advisories/25692 http://secunia.com/advisories/25935 http://support.avaya.com/elmodocs2/security/ASA-2007-252.htm http://www.mandriva.com/security/advisories?name=MDKSA-2007:111 http://www.redhat.com/support/errata/RHSA-2007-0235.html http://www.securityfocus.com/bid/24321 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=177331 https://issues.rpath.com/browse/RPL-1359 https:/ • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2005-2876
https://notcve.org/view.php?id=CVE-2005-2876
umount in util-linux 2.8 to 2.12q, 2.13-pre1, and 2.13-pre2, and other packages such as loop-aes-utils, allows local users with unmount permissions to gain privileges via the -r (remount) option, which causes the file system to be remounted with just the read-only flag, which effectively clears the nosuid, nodev, and other flags. • http://marc.info/?l=bugtraq&m=112656096125857&w=2 http://marc.info/?l=bugtraq&m=112690609622266&w=2 http://secunia.com/advisories/16785 http://secunia.com/advisories/16988 http://secunia.com/advisories/17004 http://secunia.com/advisories/17027 http://secunia.com/advisories/17133 http://secunia.com/advisories/17154 http://secunia.com/advisories/18502 http://sunsolve.sun.com/search/document.do?assetkey=1-26-101960-1 http://support.avaya.com/elmodocs2/security/ASA-2006 •
CVE-2004-0080
https://notcve.org/view.php?id=CVE-2004-0080
The login program in util-linux 2.11 and earlier uses a pointer after it has been freed and reallocated, which could cause login to leak sensitive data. El programa login en util-linux 2.11 y anteriores usa un puntero después de haber sido liberado y reasignado, lo que podría hacer que login filtrara datos sensibles. • ftp://patches.sgi.com/support/free/security/advisories/20040201-01-U.asc ftp://patches.sgi.com/support/free/security/advisories/20040406-01-U http://marc.info/?l=bugtraq&m=108077689801698&w=2 http://marc.info/?l=bugtraq&m=108144719532385&w=2 http://secunia.com/advisories/10773 http://security.gentoo.org/glsa/glsa-200404-06.xml http://www.kb.cert.org/vuls/id/801526 http://www.osvdb.org/3796 http://www.redhat.com/support/errata/RHSA-2004-056.html http:/ •
CVE-2003-0094
https://notcve.org/view.php?id=CVE-2003-0094
A patch for mcookie in the util-linux package for Mandrake Linux 8.2 and 9.0 uses /dev/urandom instead of /dev/random, which causes mcookie to use an entropy source that is more predictable than expected, which may make it easier for certain types of attacks to succeed. • http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:016 http://www.securityfocus.com/bid/6855 https://exchange.xforce.ibmcloud.com/vulnerabilities/11318 •