6 results (0.005 seconds)

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

04 Mar 2007 — login in util-linux-2.12a skips pam_acct_mgmt and chauth_tok when authentication is skipped, such as when a Kerberos krlogin session has been established, which might allow users to bypass intended access policies that would be enforced by pam_acct_mgmt and chauth_tok. la entrada en util-linux-2.12a se salta pam_acct_mgmt y chauth_tok cuando la validación es saltada, por ejemplo cuando se ha establecido una sesión del krlogin del Kerberos, lo cual podría permitir a usuarios evitar las políticas previstas de... • http://secunia.com/advisories/25098 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 7.8EPSS: 0%CPEs: 25EXPL: 0

13 Sep 2005 — umount in util-linux 2.8 to 2.12q, 2.13-pre1, and 2.13-pre2, and other packages such as loop-aes-utils, allows local users with unmount permissions to gain privileges via the -r (remount) option, which causes the file system to be remounted with just the read-only flag, which effectively clears the nosuid, nodev, and other flags. • http://marc.info/?l=bugtraq&m=112656096125857&w=2 •

CVSS: 9.1EPSS: 1%CPEs: 1EXPL: 0

03 Mar 2004 — The login program in util-linux 2.11 and earlier uses a pointer after it has been freed and reallocated, which could cause login to leak sensitive data. El programa login en util-linux 2.11 y anteriores usa un puntero después de haber sido liberado y reasignado, lo que podría hacer que login filtrara datos sensibles. • ftp://patches.sgi.com/support/free/security/advisories/20040201-01-U.asc •

CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 0

03 Mar 2003 — A patch for mcookie in the util-linux package for Mandrake Linux 8.2 and 9.0 uses /dev/urandom instead of /dev/random, which causes mcookie to use an entropy source that is more predictable than expected, which may make it easier for certain types of attacks to succeed. • http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:016 •

CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0

01 Apr 2002 — vipw in the util-linux package before 2.10 causes /etc/shadow to be world-readable in some cases, which would make it easier for local users to perform brute force password guessing. vipw en el paquete util-linux anteriores a 2.10 permite que /etc/shawow sea legible por todos los usuarios en algunos casos, lo que haría facil a usuarios locales realizar ataques de fuerza bruta para adivinar contraseñas. • http://www.redhat.com/support/errata/RHSA-2001-095.html •

CVSS: 7.2EPSS: 0%CPEs: 5EXPL: 0

08 Oct 2001 — The PAM implementation in /bin/login of the util-linux package before 2.11 causes a password entry to be rewritten across multiple PAM calls, which could provide the credentials of one user to a different user, when used in certain PAM modules such as pam_limits. • http://www.ciac.org/ciac/bulletins/m-009.shtml •