Page 5 of 25 results (0.007 seconds)

CVSS: 5.0EPSS: 1%CPEs: 1EXPL: 0

The login program in util-linux 2.11 and earlier uses a pointer after it has been freed and reallocated, which could cause login to leak sensitive data. El programa login en util-linux 2.11 y anteriores usa un puntero después de haber sido liberado y reasignado, lo que podría hacer que login filtrara datos sensibles. • ftp://patches.sgi.com/support/free/security/advisories/20040201-01-U.asc ftp://patches.sgi.com/support/free/security/advisories/20040406-01-U http://marc.info/?l=bugtraq&m=108077689801698&w=2 http://marc.info/?l=bugtraq&m=108144719532385&w=2 http://secunia.com/advisories/10773 http://security.gentoo.org/glsa/glsa-200404-06.xml http://www.kb.cert.org/vuls/id/801526 http://www.osvdb.org/3796 http://www.redhat.com/support/errata/RHSA-2004-056.html http:/&#x •

CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0

A patch for mcookie in the util-linux package for Mandrake Linux 8.2 and 9.0 uses /dev/urandom instead of /dev/random, which causes mcookie to use an entropy source that is more predictable than expected, which may make it easier for certain types of attacks to succeed. • http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:016 http://www.securityfocus.com/bid/6855 https://exchange.xforce.ibmcloud.com/vulnerabilities/11318 •

CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 0

vipw in the util-linux package before 2.10 causes /etc/shadow to be world-readable in some cases, which would make it easier for local users to perform brute force password guessing. vipw en el paquete util-linux anteriores a 2.10 permite que /etc/shawow sea legible por todos los usuarios en algunos casos, lo que haría facil a usuarios locales realizar ataques de fuerza bruta para adivinar contraseñas. • http://www.redhat.com/support/errata/RHSA-2001-095.html http://www.redhat.com/support/errata/RHSA-2001-132.html http://www.securityfocus.com/bid/3036 https://exchange.xforce.ibmcloud.com/vulnerabilities/6851 https://access.redhat.com/security/cve/CVE-2001-1175 https://bugzilla.redhat.com/show_bug.cgi?id=1616650 •

CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0

script command in the util-linux package before 2.11n allows local users to overwrite arbitrary files by setting a hardlink from the typescript log file to any file on the system, then having root execute the script command. • http://seclists.org/bugtraq/2001/Dec/0122.html http://seclists.org/bugtraq/2001/Dec/0123.html http://secunia.com/advisories/16785 http://secunia.com/advisories/18502 http://support.avaya.com/elmodocs2/security/ASA-2006-014.htm http://www.redhat.com/support/errata/RHSA-2005-782.html http://www.securityfocus.com/bid/16280 https://exchange.xforce.ibmcloud.com/vulnerabilities/7718 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10723 https://a • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVSS: 7.2EPSS: 0%CPEs: 5EXPL: 0

The PAM implementation in /bin/login of the util-linux package before 2.11 causes a password entry to be rewritten across multiple PAM calls, which could provide the credentials of one user to a different user, when used in certain PAM modules such as pam_limits. • http://www.ciac.org/ciac/bulletins/m-009.shtml http://www.iss.net/security_center/static/7266.php http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-084.php3 http://www.novell.com/linux/security/advisories/2001_034_shadow_txt.html http://www.redhat.com/support/errata/RHSA-2001-132.html http://www.securityfocus.com/archive/1/219175 http://www.securityfocus.com/bid/3415 https://access.redhat.com/security/cve/CVE-2001-1147 https://bugzilla.redhat.com/show_bug& •