CVE-2006-7108
https://notcve.org/view.php?id=CVE-2006-7108
login in util-linux-2.12a skips pam_acct_mgmt and chauth_tok when authentication is skipped, such as when a Kerberos krlogin session has been established, which might allow users to bypass intended access policies that would be enforced by pam_acct_mgmt and chauth_tok. la entrada en util-linux-2.12a se salta pam_acct_mgmt y chauth_tok cuando la validación es saltada, por ejemplo cuando se ha establecido una sesión del krlogin del Kerberos, lo cual podría permitir a usuarios evitar las políticas previstas de acceso que estarían forzadas por el pam_acct_mgmt y el chauth_tok. • http://secunia.com/advisories/25098 http://secunia.com/advisories/25530 http://secunia.com/advisories/25692 http://secunia.com/advisories/25935 http://support.avaya.com/elmodocs2/security/ASA-2007-252.htm http://www.mandriva.com/security/advisories?name=MDKSA-2007:111 http://www.redhat.com/support/errata/RHSA-2007-0235.html http://www.securityfocus.com/bid/24321 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=177331 https://issues.rpath.com/browse/RPL-1359 https:/ • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2005-2876
https://notcve.org/view.php?id=CVE-2005-2876
umount in util-linux 2.8 to 2.12q, 2.13-pre1, and 2.13-pre2, and other packages such as loop-aes-utils, allows local users with unmount permissions to gain privileges via the -r (remount) option, which causes the file system to be remounted with just the read-only flag, which effectively clears the nosuid, nodev, and other flags. • http://marc.info/?l=bugtraq&m=112656096125857&w=2 http://marc.info/?l=bugtraq&m=112690609622266&w=2 http://secunia.com/advisories/16785 http://secunia.com/advisories/16988 http://secunia.com/advisories/17004 http://secunia.com/advisories/17027 http://secunia.com/advisories/17133 http://secunia.com/advisories/17154 http://secunia.com/advisories/18502 http://sunsolve.sun.com/search/document.do?assetkey=1-26-101960-1 http://support.avaya.com/elmodocs2/security/ASA-2006 •
CVE-2004-0080
https://notcve.org/view.php?id=CVE-2004-0080
The login program in util-linux 2.11 and earlier uses a pointer after it has been freed and reallocated, which could cause login to leak sensitive data. El programa login en util-linux 2.11 y anteriores usa un puntero después de haber sido liberado y reasignado, lo que podría hacer que login filtrara datos sensibles. • ftp://patches.sgi.com/support/free/security/advisories/20040201-01-U.asc ftp://patches.sgi.com/support/free/security/advisories/20040406-01-U http://marc.info/?l=bugtraq&m=108077689801698&w=2 http://marc.info/?l=bugtraq&m=108144719532385&w=2 http://secunia.com/advisories/10773 http://security.gentoo.org/glsa/glsa-200404-06.xml http://www.kb.cert.org/vuls/id/801526 http://www.osvdb.org/3796 http://www.redhat.com/support/errata/RHSA-2004-056.html http:/ •
CVE-2003-0645 – man-db 2.4.1 - 'open_cat_stream()' Local uid=man
https://notcve.org/view.php?id=CVE-2003-0645
man-db 2.3.12 and 2.3.18 to 2.4.1 uses certain user-controlled DEFINE directives from the ~/.manpath file, even when running setuid, which could allow local users to gain privileges. man-db 2.3.12 y 2.3.18 a 2.4.1 usa ciertas directivas DEFINE controladas por el usuario del fichero ~/.manpath, incluso cuando corre con setuid, lo que podría permitir a usuarios locales ganar privielgios. • https://www.exploit-db.com/exploits/75 http://marc.info/?l=bugtraq&m=106018504800341&w=2 http://www.debian.org/security/2003/dsa-364 http://www.securityfocus.com/bid/8352 https://exchange.xforce.ibmcloud.com/vulnerabilities/12848 •
CVE-2003-0620 – ManDB Utility 2.3/2.4 - Local Buffer Overflow
https://notcve.org/view.php?id=CVE-2003-0620
Multiple buffer overflows in man-db 2.4.1 and earlier, when installed setuid, allow local users to gain privileges via (1) MANDATORY_MANPATH, MANPATH_MAP, and MANDB_MAP arguments to add_to_dirlist in manp.c, (2) a long pathname to ult_src in ult_src.c, (3) a long .so argument to test_for_include in ult_src.c, (4) a long MANPATH environment variable, or (5) a long PATH environment variable. Múltiples desbordamientos de búfer en man-db 2.4.1 y anteriores, cuando se instala con setuid, permite a usuarios locales ganar privilegios mediante: los argumentos MANDATORY_MANPATH, MANPATH_MAP, y MANDB_MAP a add_dirlist en ult_src.c, un nombre de ruta largo a ult_scr en ult_src.c un argumento .so largo a test_for_include en ult_src.c una variable de entorno MANPATH larga, una variable de entorno PATH larga. • https://www.exploit-db.com/exploits/22971 http://marc.info/?l=bugtraq&m=105951284512898&w=2 http://marc.info/?l=bugtraq&m=105960276803617&w=2 http://www.debian.org/security/2003/dsa-364 •