Search

Find a vulnerability

Search criteria

    12 vulnerabilities found for util-linux by andries_brouwer

    CVE-2006-7108 (GCVE-0-2006-7108)

    Vulnerability from nvd – Published: 2007-03-04 22:00 – Updated: 2024-08-07 20:50
    VLAI
    Summary
    login in util-linux-2.12a skips pam_acct_mgmt and chauth_tok when authentication is skipped, such as when a Kerberos krlogin session has been established, which might allow users to bypass intended access policies that would be enforced by pam_acct_mgmt and chauth_tok.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/25098 third-party-advisoryx_refsource_SECUNIA
    https://issues.rpath.com/browse/RPL-1359 x_refsource_CONFIRM
    http://secunia.com/advisories/25935 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/bid/24321 vdb-entryx_refsource_BID
    http://www.redhat.com/support/errata/RHSA-2007-02… vendor-advisoryx_refsource_REDHAT
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
    http://secunia.com/advisories/25692 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/25530 third-party-advisoryx_refsource_SECUNIA
    http://support.avaya.com/elmodocs2/security/ASA-2… x_refsource_CONFIRM
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    https://bugzilla.redhat.com/bugzilla/show_bug.cgi… x_refsource_CONFIRM
    Date Public
    2006-08-18 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T20:50:06.039Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "25098",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/25098"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://issues.rpath.com/browse/RPL-1359"
              },
              {
                "name": "25935",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/25935"
              },
              {
                "name": "24321",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/24321"
              },
              {
                "name": "RHSA-2007:0235",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2007-0235.html"
              },
              {
                "name": "MDKSA-2007:111",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:111"
              },
              {
                "name": "25692",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/25692"
              },
              {
                "name": "25530",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/25530"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-252.htm"
              },
              {
                "name": "oval:org.mitre.oval:def:9689",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9689"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=177331"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-08-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "login in util-linux-2.12a skips pam_acct_mgmt and chauth_tok when authentication is skipped, such as when a Kerberos krlogin session has been established, which might allow users to bypass intended access policies that would be enforced by pam_acct_mgmt and chauth_tok."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-10-10T00:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "25098",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/25098"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://issues.rpath.com/browse/RPL-1359"
            },
            {
              "name": "25935",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/25935"
            },
            {
              "name": "24321",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/24321"
            },
            {
              "name": "RHSA-2007:0235",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2007-0235.html"
            },
            {
              "name": "MDKSA-2007:111",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:111"
            },
            {
              "name": "25692",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/25692"
            },
            {
              "name": "25530",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/25530"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-252.htm"
            },
            {
              "name": "oval:org.mitre.oval:def:9689",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9689"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=177331"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-7108",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "login in util-linux-2.12a skips pam_acct_mgmt and chauth_tok when authentication is skipped, such as when a Kerberos krlogin session has been established, which might allow users to bypass intended access policies that would be enforced by pam_acct_mgmt and chauth_tok."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "25098",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/25098"
                },
                {
                  "name": "https://issues.rpath.com/browse/RPL-1359",
                  "refsource": "CONFIRM",
                  "url": "https://issues.rpath.com/browse/RPL-1359"
                },
                {
                  "name": "25935",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/25935"
                },
                {
                  "name": "24321",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/24321"
                },
                {
                  "name": "RHSA-2007:0235",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2007-0235.html"
                },
                {
                  "name": "MDKSA-2007:111",
                  "refsource": "MANDRIVA",
                  "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:111"
                },
                {
                  "name": "25692",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/25692"
                },
                {
                  "name": "25530",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/25530"
                },
                {
                  "name": "http://support.avaya.com/elmodocs2/security/ASA-2007-252.htm",
                  "refsource": "CONFIRM",
                  "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-252.htm"
                },
                {
                  "name": "oval:org.mitre.oval:def:9689",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9689"
                },
                {
                  "name": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=177331",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=177331"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-7108",
        "datePublished": "2007-03-04T22:00:00.000Z",
        "dateReserved": "2007-03-04T00:00:00.000Z",
        "dateUpdated": "2024-08-07T20:50:06.039Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2005-2876 (GCVE-0-2005-2876)

    Vulnerability from nvd – Published: 2005-09-13 04:00 – Updated: 2024-08-07 22:53
    VLAI
    Summary
    umount in util-linux 2.8 to 2.12q, 2.13-pre1, and 2.13-pre2, and other packages such as loop-aes-utils, allows local users with unmount permissions to gain privileges via the -r (remount) option, which causes the file system to be remounted with just the read-only flag, which effectively clears the nosuid, nodev, and other flags.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://sunsolve.sun.com/search/document.do?assetk… vendor-advisoryx_refsource_SUNALERT
    http://secunia.com/advisories/17133 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/archive/1/419774/100… vendor-advisoryx_refsource_FEDORA
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.osvdb.org/19369 vdb-entryx_refsource_OSVDB
    http://www.debian.org/security/2005/dsa-823 vendor-advisoryx_refsource_DEBIAN
    http://www.novell.com/linux/security/advisories/2… vendor-advisoryx_refsource_SUSE
    http://secunia.com/advisories/16785 third-party-advisoryx_refsource_SECUNIA
    http://marc.info/?l=bugtraq&m=112690609622266&w=2 vendor-advisoryx_refsource_TRUSTIX
    http://secunia.com/advisories/16988 third-party-advisoryx_refsource_SECUNIA
    http://www.debian.org/security/2005/dsa-825 vendor-advisoryx_refsource_DEBIAN
    http://secunia.com/advisories/17154 third-party-advisoryx_refsource_SECUNIA
    http://www.ubuntu.com/usn/usn-184-1 vendor-advisoryx_refsource_UBUNTU
    http://support.avaya.com/elmodocs2/security/ASA-2… x_refsource_MISC
    http://secunia.com/advisories/18502 third-party-advisoryx_refsource_SECUNIA
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://secunia.com/advisories/17027 third-party-advisoryx_refsource_SECUNIA
    http://marc.info/?l=bugtraq&m=112656096125857&w=2 mailing-listx_refsource_BUGTRAQ
    http://secunia.com/advisories/17004 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/bid/14816 vdb-entryx_refsource_BID
    Date Public
    2005-09-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T22:53:28.946Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "101960",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUNALERT",
                  "x_transferred"
                ],
                "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101960-1"
              },
              {
                "name": "17133",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/17133"
              },
              {
                "name": "FLSA:168326",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/419774/100/0/threaded"
              },
              {
                "name": "utillinux-umount-gain-privileges(22241)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22241"
              },
              {
                "name": "19369",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/19369"
              },
              {
                "name": "DSA-823",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2005/dsa-823"
              },
              {
                "name": "SUSE-SR:2005:021",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://www.novell.com/linux/security/advisories/2005_21_sr.html"
              },
              {
                "name": "16785",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/16785"
              },
              {
                "name": "2005-0049",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_TRUSTIX",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=112690609622266\u0026w=2"
              },
              {
                "name": "16988",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/16988"
              },
              {
                "name": "DSA-825",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2005/dsa-825"
              },
              {
                "name": "17154",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/17154"
              },
              {
                "name": "USN-184",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/usn-184-1"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-014.htm"
              },
              {
                "name": "18502",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/18502"
              },
              {
                "name": "oval:org.mitre.oval:def:10921",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10921"
              },
              {
                "name": "17027",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/17027"
              },
              {
                "name": "20050912 util-linux: unintentional grant of privileges by umount",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=112656096125857\u0026w=2"
              },
              {
                "name": "17004",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/17004"
              },
              {
                "name": "14816",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/14816"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2005-09-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "umount in util-linux 2.8 to 2.12q, 2.13-pre1, and 2.13-pre2, and other packages such as loop-aes-utils, allows local users with unmount permissions to gain privileges via the -r (remount) option, which causes the file system to be remounted with just the read-only flag, which effectively clears the nosuid, nodev, and other flags."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-19T14:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "101960",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUNALERT"
              ],
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101960-1"
            },
            {
              "name": "17133",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/17133"
            },
            {
              "name": "FLSA:168326",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://www.securityfocus.com/archive/1/419774/100/0/threaded"
            },
            {
              "name": "utillinux-umount-gain-privileges(22241)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22241"
            },
            {
              "name": "19369",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/19369"
            },
            {
              "name": "DSA-823",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2005/dsa-823"
            },
            {
              "name": "SUSE-SR:2005:021",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://www.novell.com/linux/security/advisories/2005_21_sr.html"
            },
            {
              "name": "16785",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/16785"
            },
            {
              "name": "2005-0049",
              "tags": [
                "vendor-advisory",
                "x_refsource_TRUSTIX"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=112690609622266\u0026w=2"
            },
            {
              "name": "16988",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/16988"
            },
            {
              "name": "DSA-825",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2005/dsa-825"
            },
            {
              "name": "17154",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/17154"
            },
            {
              "name": "USN-184",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/usn-184-1"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-014.htm"
            },
            {
              "name": "18502",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/18502"
            },
            {
              "name": "oval:org.mitre.oval:def:10921",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10921"
            },
            {
              "name": "17027",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/17027"
            },
            {
              "name": "20050912 util-linux: unintentional grant of privileges by umount",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=112656096125857\u0026w=2"
            },
            {
              "name": "17004",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/17004"
            },
            {
              "name": "14816",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/14816"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2005-2876",
        "datePublished": "2005-09-13T04:00:00.000Z",
        "dateReserved": "2005-09-13T00:00:00.000Z",
        "dateUpdated": "2024-08-07T22:53:28.946Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2004-0080 (GCVE-0-2004-0080)

    Vulnerability from nvd – Published: 2004-09-01 04:00 – Updated: 2024-08-08 00:01
    VLAI
    Summary
    The login program in util-linux 2.11 and earlier uses a pointer after it has been freed and reallocated, which could cause login to leak sensitive data.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    ftp://patches.sgi.com/support/free/security/advis… vendor-advisoryx_refsource_SGI
    http://security.gentoo.org/glsa/glsa-200404-06.xml vendor-advisoryx_refsource_GENTOO
    ftp://patches.sgi.com/support/free/security/advis… vendor-advisoryx_refsource_SGI
    http://www.redhat.com/support/errata/RHSA-2004-056.html vendor-advisoryx_refsource_REDHAT
    http://www.kb.cert.org/vuls/id/801526 third-party-advisoryx_refsource_CERT-VN
    http://marc.info/?l=bugtraq&m=108077689801698&w=2 mailing-listx_refsource_BUGTRAQ
    http://marc.info/?l=bugtraq&m=108144719532385&w=2 mailing-listx_refsource_BUGTRAQ
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.osvdb.org/3796 vdb-entryx_refsource_OSVDB
    http://secunia.com/advisories/10773 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/bid/9558 vdb-entryx_refsource_BID
    Date Public
    2004-02-02 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T00:01:23.687Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20040201-01-U",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SGI",
                  "x_transferred"
                ],
                "url": "ftp://patches.sgi.com/support/free/security/advisories/20040201-01-U.asc"
              },
              {
                "name": "GLSA-200404-06",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://security.gentoo.org/glsa/glsa-200404-06.xml"
              },
              {
                "name": "20040406-01-U",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SGI",
                  "x_transferred"
                ],
                "url": "ftp://patches.sgi.com/support/free/security/advisories/20040406-01-U"
              },
              {
                "name": "RHSA-2004:056",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2004-056.html"
              },
              {
                "name": "VU#801526",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/801526"
              },
              {
                "name": "20040331 OpenLinux: util-linux could leak sensitive data",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=108077689801698\u0026w=2"
              },
              {
                "name": "20040408 LNSA-#2004-0010: login may leak sensitive data",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=108144719532385\u0026w=2"
              },
              {
                "name": "utillinux-information-leak(15016)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15016"
              },
              {
                "name": "3796",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/3796"
              },
              {
                "name": "10773",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/10773"
              },
              {
                "name": "9558",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/9558"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2004-02-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The login program in util-linux 2.11 and earlier uses a pointer after it has been freed and reallocated, which could cause login to leak sensitive data."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2007-11-13T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20040201-01-U",
              "tags": [
                "vendor-advisory",
                "x_refsource_SGI"
              ],
              "url": "ftp://patches.sgi.com/support/free/security/advisories/20040201-01-U.asc"
            },
            {
              "name": "GLSA-200404-06",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://security.gentoo.org/glsa/glsa-200404-06.xml"
            },
            {
              "name": "20040406-01-U",
              "tags": [
                "vendor-advisory",
                "x_refsource_SGI"
              ],
              "url": "ftp://patches.sgi.com/support/free/security/advisories/20040406-01-U"
            },
            {
              "name": "RHSA-2004:056",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2004-056.html"
            },
            {
              "name": "VU#801526",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/801526"
            },
            {
              "name": "20040331 OpenLinux: util-linux could leak sensitive data",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=108077689801698\u0026w=2"
            },
            {
              "name": "20040408 LNSA-#2004-0010: login may leak sensitive data",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=108144719532385\u0026w=2"
            },
            {
              "name": "utillinux-information-leak(15016)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15016"
            },
            {
              "name": "3796",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/3796"
            },
            {
              "name": "10773",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/10773"
            },
            {
              "name": "9558",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/9558"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2004-0080",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The login program in util-linux 2.11 and earlier uses a pointer after it has been freed and reallocated, which could cause login to leak sensitive data."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20040201-01-U",
                  "refsource": "SGI",
                  "url": "ftp://patches.sgi.com/support/free/security/advisories/20040201-01-U.asc"
                },
                {
                  "name": "GLSA-200404-06",
                  "refsource": "GENTOO",
                  "url": "http://security.gentoo.org/glsa/glsa-200404-06.xml"
                },
                {
                  "name": "20040406-01-U",
                  "refsource": "SGI",
                  "url": "ftp://patches.sgi.com/support/free/security/advisories/20040406-01-U"
                },
                {
                  "name": "RHSA-2004:056",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2004-056.html"
                },
                {
                  "name": "VU#801526",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/801526"
                },
                {
                  "name": "20040331 OpenLinux: util-linux could leak sensitive data",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=108077689801698\u0026w=2"
                },
                {
                  "name": "20040408 LNSA-#2004-0010: login may leak sensitive data",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=108144719532385\u0026w=2"
                },
                {
                  "name": "utillinux-information-leak(15016)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15016"
                },
                {
                  "name": "3796",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/3796"
                },
                {
                  "name": "10773",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/10773"
                },
                {
                  "name": "9558",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/9558"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2004-0080",
        "datePublished": "2004-09-01T04:00:00.000Z",
        "dateReserved": "2004-01-19T00:00:00.000Z",
        "dateUpdated": "2024-08-08T00:01:23.687Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2003-0094 (GCVE-0-2003-0094)

    Vulnerability from nvd – Published: 2004-09-01 04:00 – Updated: 2024-08-08 01:43
    VLAI
    Summary
    A patch for mcookie in the util-linux package for Mandrake Linux 8.2 and 9.0 uses /dev/urandom instead of /dev/random, which causes mcookie to use an entropy source that is more predictable than expected, which may make it easier for certain types of attacks to succeed.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.mandrakesoft.com/security/advisories?n… vendor-advisoryx_refsource_MANDRAKE
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.securityfocus.com/bid/6855 vdb-entryx_refsource_BID
    Date Public
    2003-02-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T01:43:35.603Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "MDKSA-2003:016",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRAKE",
                  "x_transferred"
                ],
                "url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:016"
              },
              {
                "name": "utillinux-mcookie-cookie-predictable(11318)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11318"
              },
              {
                "name": "6855",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/6855"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2003-02-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A patch for mcookie in the util-linux package for Mandrake Linux 8.2 and 9.0 uses /dev/urandom instead of /dev/random, which causes mcookie to use an entropy source that is more predictable than expected, which may make it easier for certain types of attacks to succeed."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2004-08-11T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "MDKSA-2003:016",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRAKE"
              ],
              "url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:016"
            },
            {
              "name": "utillinux-mcookie-cookie-predictable(11318)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11318"
            },
            {
              "name": "6855",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/6855"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2003-0094",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A patch for mcookie in the util-linux package for Mandrake Linux 8.2 and 9.0 uses /dev/urandom instead of /dev/random, which causes mcookie to use an entropy source that is more predictable than expected, which may make it easier for certain types of attacks to succeed."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "MDKSA-2003:016",
                  "refsource": "MANDRAKE",
                  "url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:016"
                },
                {
                  "name": "utillinux-mcookie-cookie-predictable(11318)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11318"
                },
                {
                  "name": "6855",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/6855"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2003-0094",
        "datePublished": "2004-09-01T04:00:00.000Z",
        "dateReserved": "2003-02-14T00:00:00.000Z",
        "dateUpdated": "2024-08-08T01:43:35.603Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2001-1175 (GCVE-0-2001-1175)

    Vulnerability from nvd – Published: 2002-06-25 04:00 – Updated: 2024-08-08 04:44
    VLAI
    Summary
    vipw in the util-linux package before 2.10 causes /etc/shadow to be world-readable in some cases, which would make it easier for local users to perform brute force password guessing.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2001-07-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T04:44:08.282Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "vipw-world-readable-files(6851)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6851"
              },
              {
                "name": "3036",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/3036"
              },
              {
                "name": "RHSA-2001:132",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2001-132.html"
              },
              {
                "name": "RHSA-2001:095",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2001-095.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2001-07-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "vipw in the util-linux package before 2.10 causes /etc/shadow to be world-readable in some cases, which would make it easier for local users to perform brute force password guessing."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2002-03-22T10:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "vipw-world-readable-files(6851)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6851"
            },
            {
              "name": "3036",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/3036"
            },
            {
              "name": "RHSA-2001:132",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2001-132.html"
            },
            {
              "name": "RHSA-2001:095",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2001-095.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2001-1175",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "vipw in the util-linux package before 2.10 causes /etc/shadow to be world-readable in some cases, which would make it easier for local users to perform brute force password guessing."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "vipw-world-readable-files(6851)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6851"
                },
                {
                  "name": "3036",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/3036"
                },
                {
                  "name": "RHSA-2001:132",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2001-132.html"
                },
                {
                  "name": "RHSA-2001:095",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2001-095.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2001-1175",
        "datePublished": "2002-06-25T04:00:00.000Z",
        "dateReserved": "2002-03-15T00:00:00.000Z",
        "dateUpdated": "2024-08-08T04:44:08.282Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2001-1147 (GCVE-0-2001-1147)

    Vulnerability from nvd – Published: 2002-06-25 04:00 – Updated: 2024-08-08 04:44
    VLAI
    Summary
    The PAM implementation in /bin/login of the util-linux package before 2.11 causes a password entry to be rewritten across multiple PAM calls, which could provide the credentials of one user to a different user, when used in certain PAM modules such as pam_limits.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.iss.net/security_center/static/7266.php vdb-entryx_refsource_XF
    http://www.ciac.org/ciac/bulletins/m-009.shtml third-party-advisorygovernment-resourcex_refsource_CIAC
    http://www.redhat.com/support/errata/RHSA-2001-132.html vendor-advisoryx_refsource_REDHAT
    http://www.novell.com/linux/security/advisories/2… vendor-advisoryx_refsource_SUSE
    http://www.securityfocus.com/bid/3415 vdb-entryx_refsource_BID
    http://www.securityfocus.com/archive/1/219175 mailing-listx_refsource_BUGTRAQ
    http://www.linux-mandrake.com/en/security/2001/MD… vendor-advisoryx_refsource_MANDRAKE
    Date Public
    2001-10-08 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T04:44:08.106Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "utillinux-pamlimits-gain-privileges(7266)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "http://www.iss.net/security_center/static/7266.php"
              },
              {
                "name": "M-009",
                "tags": [
                  "third-party-advisory",
                  "government-resource",
                  "x_refsource_CIAC",
                  "x_transferred"
                ],
                "url": "http://www.ciac.org/ciac/bulletins/m-009.shtml"
              },
              {
                "name": "RHSA-2001:132",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2001-132.html"
              },
              {
                "name": "SuSE-SA:2001:034",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://www.novell.com/linux/security/advisories/2001_034_shadow_txt.html"
              },
              {
                "name": "3415",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/3415"
              },
              {
                "name": "20011008 pam_limits.so Bug!!",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/219175"
              },
              {
                "name": "MDKSA-2001:084",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRAKE",
                  "x_transferred"
                ],
                "url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-084.php3"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2001-10-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The PAM implementation in /bin/login of the util-linux package before 2.11 causes a password entry to be rewritten across multiple PAM calls, which could provide the credentials of one user to a different user, when used in certain PAM modules such as pam_limits."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2002-03-22T10:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "utillinux-pamlimits-gain-privileges(7266)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "http://www.iss.net/security_center/static/7266.php"
            },
            {
              "name": "M-009",
              "tags": [
                "third-party-advisory",
                "government-resource",
                "x_refsource_CIAC"
              ],
              "url": "http://www.ciac.org/ciac/bulletins/m-009.shtml"
            },
            {
              "name": "RHSA-2001:132",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2001-132.html"
            },
            {
              "name": "SuSE-SA:2001:034",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://www.novell.com/linux/security/advisories/2001_034_shadow_txt.html"
            },
            {
              "name": "3415",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/3415"
            },
            {
              "name": "20011008 pam_limits.so Bug!!",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/219175"
            },
            {
              "name": "MDKSA-2001:084",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRAKE"
              ],
              "url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-084.php3"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2001-1147",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The PAM implementation in /bin/login of the util-linux package before 2.11 causes a password entry to be rewritten across multiple PAM calls, which could provide the credentials of one user to a different user, when used in certain PAM modules such as pam_limits."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "utillinux-pamlimits-gain-privileges(7266)",
                  "refsource": "XF",
                  "url": "http://www.iss.net/security_center/static/7266.php"
                },
                {
                  "name": "M-009",
                  "refsource": "CIAC",
                  "url": "http://www.ciac.org/ciac/bulletins/m-009.shtml"
                },
                {
                  "name": "RHSA-2001:132",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2001-132.html"
                },
                {
                  "name": "SuSE-SA:2001:034",
                  "refsource": "SUSE",
                  "url": "http://www.novell.com/linux/security/advisories/2001_034_shadow_txt.html"
                },
                {
                  "name": "3415",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/3415"
                },
                {
                  "name": "20011008 pam_limits.so Bug!!",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/219175"
                },
                {
                  "name": "MDKSA-2001:084",
                  "refsource": "MANDRAKE",
                  "url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-084.php3"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2001-1147",
        "datePublished": "2002-06-25T04:00:00.000Z",
        "dateReserved": "2002-03-15T00:00:00.000Z",
        "dateUpdated": "2024-08-08T04:44:08.106Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-7108 (GCVE-0-2006-7108)

    Vulnerability from cvelistv5 – Published: 2007-03-04 22:00 – Updated: 2024-08-07 20:50
    VLAI
    Summary
    login in util-linux-2.12a skips pam_acct_mgmt and chauth_tok when authentication is skipped, such as when a Kerberos krlogin session has been established, which might allow users to bypass intended access policies that would be enforced by pam_acct_mgmt and chauth_tok.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/25098 third-party-advisoryx_refsource_SECUNIA
    https://issues.rpath.com/browse/RPL-1359 x_refsource_CONFIRM
    http://secunia.com/advisories/25935 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/bid/24321 vdb-entryx_refsource_BID
    http://www.redhat.com/support/errata/RHSA-2007-02… vendor-advisoryx_refsource_REDHAT
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
    http://secunia.com/advisories/25692 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/25530 third-party-advisoryx_refsource_SECUNIA
    http://support.avaya.com/elmodocs2/security/ASA-2… x_refsource_CONFIRM
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    https://bugzilla.redhat.com/bugzilla/show_bug.cgi… x_refsource_CONFIRM
    Date Public
    2006-08-18 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T20:50:06.039Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "25098",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/25098"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://issues.rpath.com/browse/RPL-1359"
              },
              {
                "name": "25935",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/25935"
              },
              {
                "name": "24321",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/24321"
              },
              {
                "name": "RHSA-2007:0235",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2007-0235.html"
              },
              {
                "name": "MDKSA-2007:111",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:111"
              },
              {
                "name": "25692",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/25692"
              },
              {
                "name": "25530",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/25530"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-252.htm"
              },
              {
                "name": "oval:org.mitre.oval:def:9689",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9689"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=177331"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-08-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "login in util-linux-2.12a skips pam_acct_mgmt and chauth_tok when authentication is skipped, such as when a Kerberos krlogin session has been established, which might allow users to bypass intended access policies that would be enforced by pam_acct_mgmt and chauth_tok."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-10-10T00:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "25098",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/25098"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://issues.rpath.com/browse/RPL-1359"
            },
            {
              "name": "25935",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/25935"
            },
            {
              "name": "24321",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/24321"
            },
            {
              "name": "RHSA-2007:0235",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2007-0235.html"
            },
            {
              "name": "MDKSA-2007:111",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:111"
            },
            {
              "name": "25692",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/25692"
            },
            {
              "name": "25530",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/25530"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-252.htm"
            },
            {
              "name": "oval:org.mitre.oval:def:9689",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9689"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=177331"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-7108",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "login in util-linux-2.12a skips pam_acct_mgmt and chauth_tok when authentication is skipped, such as when a Kerberos krlogin session has been established, which might allow users to bypass intended access policies that would be enforced by pam_acct_mgmt and chauth_tok."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "25098",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/25098"
                },
                {
                  "name": "https://issues.rpath.com/browse/RPL-1359",
                  "refsource": "CONFIRM",
                  "url": "https://issues.rpath.com/browse/RPL-1359"
                },
                {
                  "name": "25935",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/25935"
                },
                {
                  "name": "24321",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/24321"
                },
                {
                  "name": "RHSA-2007:0235",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2007-0235.html"
                },
                {
                  "name": "MDKSA-2007:111",
                  "refsource": "MANDRIVA",
                  "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:111"
                },
                {
                  "name": "25692",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/25692"
                },
                {
                  "name": "25530",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/25530"
                },
                {
                  "name": "http://support.avaya.com/elmodocs2/security/ASA-2007-252.htm",
                  "refsource": "CONFIRM",
                  "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-252.htm"
                },
                {
                  "name": "oval:org.mitre.oval:def:9689",
                  "refsource": "OVAL",
                  "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9689"
                },
                {
                  "name": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=177331",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=177331"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-7108",
        "datePublished": "2007-03-04T22:00:00.000Z",
        "dateReserved": "2007-03-04T00:00:00.000Z",
        "dateUpdated": "2024-08-07T20:50:06.039Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2005-2876 (GCVE-0-2005-2876)

    Vulnerability from cvelistv5 – Published: 2005-09-13 04:00 – Updated: 2024-08-07 22:53
    VLAI
    Summary
    umount in util-linux 2.8 to 2.12q, 2.13-pre1, and 2.13-pre2, and other packages such as loop-aes-utils, allows local users with unmount permissions to gain privileges via the -r (remount) option, which causes the file system to be remounted with just the read-only flag, which effectively clears the nosuid, nodev, and other flags.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://sunsolve.sun.com/search/document.do?assetk… vendor-advisoryx_refsource_SUNALERT
    http://secunia.com/advisories/17133 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/archive/1/419774/100… vendor-advisoryx_refsource_FEDORA
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.osvdb.org/19369 vdb-entryx_refsource_OSVDB
    http://www.debian.org/security/2005/dsa-823 vendor-advisoryx_refsource_DEBIAN
    http://www.novell.com/linux/security/advisories/2… vendor-advisoryx_refsource_SUSE
    http://secunia.com/advisories/16785 third-party-advisoryx_refsource_SECUNIA
    http://marc.info/?l=bugtraq&m=112690609622266&w=2 vendor-advisoryx_refsource_TRUSTIX
    http://secunia.com/advisories/16988 third-party-advisoryx_refsource_SECUNIA
    http://www.debian.org/security/2005/dsa-825 vendor-advisoryx_refsource_DEBIAN
    http://secunia.com/advisories/17154 third-party-advisoryx_refsource_SECUNIA
    http://www.ubuntu.com/usn/usn-184-1 vendor-advisoryx_refsource_UBUNTU
    http://support.avaya.com/elmodocs2/security/ASA-2… x_refsource_MISC
    http://secunia.com/advisories/18502 third-party-advisoryx_refsource_SECUNIA
    https://oval.cisecurity.org/repository/search/def… vdb-entrysignaturex_refsource_OVAL
    http://secunia.com/advisories/17027 third-party-advisoryx_refsource_SECUNIA
    http://marc.info/?l=bugtraq&m=112656096125857&w=2 mailing-listx_refsource_BUGTRAQ
    http://secunia.com/advisories/17004 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/bid/14816 vdb-entryx_refsource_BID
    Date Public
    2005-09-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T22:53:28.946Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "101960",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUNALERT",
                  "x_transferred"
                ],
                "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101960-1"
              },
              {
                "name": "17133",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/17133"
              },
              {
                "name": "FLSA:168326",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/419774/100/0/threaded"
              },
              {
                "name": "utillinux-umount-gain-privileges(22241)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22241"
              },
              {
                "name": "19369",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/19369"
              },
              {
                "name": "DSA-823",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2005/dsa-823"
              },
              {
                "name": "SUSE-SR:2005:021",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://www.novell.com/linux/security/advisories/2005_21_sr.html"
              },
              {
                "name": "16785",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/16785"
              },
              {
                "name": "2005-0049",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_TRUSTIX",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=112690609622266\u0026w=2"
              },
              {
                "name": "16988",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/16988"
              },
              {
                "name": "DSA-825",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2005/dsa-825"
              },
              {
                "name": "17154",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/17154"
              },
              {
                "name": "USN-184",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/usn-184-1"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-014.htm"
              },
              {
                "name": "18502",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/18502"
              },
              {
                "name": "oval:org.mitre.oval:def:10921",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10921"
              },
              {
                "name": "17027",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/17027"
              },
              {
                "name": "20050912 util-linux: unintentional grant of privileges by umount",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=112656096125857\u0026w=2"
              },
              {
                "name": "17004",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/17004"
              },
              {
                "name": "14816",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/14816"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2005-09-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "umount in util-linux 2.8 to 2.12q, 2.13-pre1, and 2.13-pre2, and other packages such as loop-aes-utils, allows local users with unmount permissions to gain privileges via the -r (remount) option, which causes the file system to be remounted with just the read-only flag, which effectively clears the nosuid, nodev, and other flags."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-19T14:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "101960",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUNALERT"
              ],
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101960-1"
            },
            {
              "name": "17133",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/17133"
            },
            {
              "name": "FLSA:168326",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://www.securityfocus.com/archive/1/419774/100/0/threaded"
            },
            {
              "name": "utillinux-umount-gain-privileges(22241)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22241"
            },
            {
              "name": "19369",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/19369"
            },
            {
              "name": "DSA-823",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2005/dsa-823"
            },
            {
              "name": "SUSE-SR:2005:021",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://www.novell.com/linux/security/advisories/2005_21_sr.html"
            },
            {
              "name": "16785",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/16785"
            },
            {
              "name": "2005-0049",
              "tags": [
                "vendor-advisory",
                "x_refsource_TRUSTIX"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=112690609622266\u0026w=2"
            },
            {
              "name": "16988",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/16988"
            },
            {
              "name": "DSA-825",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2005/dsa-825"
            },
            {
              "name": "17154",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/17154"
            },
            {
              "name": "USN-184",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/usn-184-1"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-014.htm"
            },
            {
              "name": "18502",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/18502"
            },
            {
              "name": "oval:org.mitre.oval:def:10921",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10921"
            },
            {
              "name": "17027",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/17027"
            },
            {
              "name": "20050912 util-linux: unintentional grant of privileges by umount",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=112656096125857\u0026w=2"
            },
            {
              "name": "17004",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/17004"
            },
            {
              "name": "14816",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/14816"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2005-2876",
        "datePublished": "2005-09-13T04:00:00.000Z",
        "dateReserved": "2005-09-13T00:00:00.000Z",
        "dateUpdated": "2024-08-07T22:53:28.946Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2004-0080 (GCVE-0-2004-0080)

    Vulnerability from cvelistv5 – Published: 2004-09-01 04:00 – Updated: 2024-08-08 00:01
    VLAI
    Summary
    The login program in util-linux 2.11 and earlier uses a pointer after it has been freed and reallocated, which could cause login to leak sensitive data.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    ftp://patches.sgi.com/support/free/security/advis… vendor-advisoryx_refsource_SGI
    http://security.gentoo.org/glsa/glsa-200404-06.xml vendor-advisoryx_refsource_GENTOO
    ftp://patches.sgi.com/support/free/security/advis… vendor-advisoryx_refsource_SGI
    http://www.redhat.com/support/errata/RHSA-2004-056.html vendor-advisoryx_refsource_REDHAT
    http://www.kb.cert.org/vuls/id/801526 third-party-advisoryx_refsource_CERT-VN
    http://marc.info/?l=bugtraq&m=108077689801698&w=2 mailing-listx_refsource_BUGTRAQ
    http://marc.info/?l=bugtraq&m=108144719532385&w=2 mailing-listx_refsource_BUGTRAQ
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.osvdb.org/3796 vdb-entryx_refsource_OSVDB
    http://secunia.com/advisories/10773 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/bid/9558 vdb-entryx_refsource_BID
    Date Public
    2004-02-02 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T00:01:23.687Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20040201-01-U",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SGI",
                  "x_transferred"
                ],
                "url": "ftp://patches.sgi.com/support/free/security/advisories/20040201-01-U.asc"
              },
              {
                "name": "GLSA-200404-06",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://security.gentoo.org/glsa/glsa-200404-06.xml"
              },
              {
                "name": "20040406-01-U",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SGI",
                  "x_transferred"
                ],
                "url": "ftp://patches.sgi.com/support/free/security/advisories/20040406-01-U"
              },
              {
                "name": "RHSA-2004:056",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2004-056.html"
              },
              {
                "name": "VU#801526",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/801526"
              },
              {
                "name": "20040331 OpenLinux: util-linux could leak sensitive data",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=108077689801698\u0026w=2"
              },
              {
                "name": "20040408 LNSA-#2004-0010: login may leak sensitive data",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=108144719532385\u0026w=2"
              },
              {
                "name": "utillinux-information-leak(15016)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15016"
              },
              {
                "name": "3796",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/3796"
              },
              {
                "name": "10773",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/10773"
              },
              {
                "name": "9558",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/9558"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2004-02-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The login program in util-linux 2.11 and earlier uses a pointer after it has been freed and reallocated, which could cause login to leak sensitive data."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2007-11-13T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20040201-01-U",
              "tags": [
                "vendor-advisory",
                "x_refsource_SGI"
              ],
              "url": "ftp://patches.sgi.com/support/free/security/advisories/20040201-01-U.asc"
            },
            {
              "name": "GLSA-200404-06",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://security.gentoo.org/glsa/glsa-200404-06.xml"
            },
            {
              "name": "20040406-01-U",
              "tags": [
                "vendor-advisory",
                "x_refsource_SGI"
              ],
              "url": "ftp://patches.sgi.com/support/free/security/advisories/20040406-01-U"
            },
            {
              "name": "RHSA-2004:056",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2004-056.html"
            },
            {
              "name": "VU#801526",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/801526"
            },
            {
              "name": "20040331 OpenLinux: util-linux could leak sensitive data",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=108077689801698\u0026w=2"
            },
            {
              "name": "20040408 LNSA-#2004-0010: login may leak sensitive data",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=108144719532385\u0026w=2"
            },
            {
              "name": "utillinux-information-leak(15016)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15016"
            },
            {
              "name": "3796",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/3796"
            },
            {
              "name": "10773",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/10773"
            },
            {
              "name": "9558",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/9558"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2004-0080",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The login program in util-linux 2.11 and earlier uses a pointer after it has been freed and reallocated, which could cause login to leak sensitive data."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20040201-01-U",
                  "refsource": "SGI",
                  "url": "ftp://patches.sgi.com/support/free/security/advisories/20040201-01-U.asc"
                },
                {
                  "name": "GLSA-200404-06",
                  "refsource": "GENTOO",
                  "url": "http://security.gentoo.org/glsa/glsa-200404-06.xml"
                },
                {
                  "name": "20040406-01-U",
                  "refsource": "SGI",
                  "url": "ftp://patches.sgi.com/support/free/security/advisories/20040406-01-U"
                },
                {
                  "name": "RHSA-2004:056",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2004-056.html"
                },
                {
                  "name": "VU#801526",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/801526"
                },
                {
                  "name": "20040331 OpenLinux: util-linux could leak sensitive data",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=108077689801698\u0026w=2"
                },
                {
                  "name": "20040408 LNSA-#2004-0010: login may leak sensitive data",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=108144719532385\u0026w=2"
                },
                {
                  "name": "utillinux-information-leak(15016)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15016"
                },
                {
                  "name": "3796",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/3796"
                },
                {
                  "name": "10773",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/10773"
                },
                {
                  "name": "9558",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/9558"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2004-0080",
        "datePublished": "2004-09-01T04:00:00.000Z",
        "dateReserved": "2004-01-19T00:00:00.000Z",
        "dateUpdated": "2024-08-08T00:01:23.687Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2003-0094 (GCVE-0-2003-0094)

    Vulnerability from cvelistv5 – Published: 2004-09-01 04:00 – Updated: 2024-08-08 01:43
    VLAI
    Summary
    A patch for mcookie in the util-linux package for Mandrake Linux 8.2 and 9.0 uses /dev/urandom instead of /dev/random, which causes mcookie to use an entropy source that is more predictable than expected, which may make it easier for certain types of attacks to succeed.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.mandrakesoft.com/security/advisories?n… vendor-advisoryx_refsource_MANDRAKE
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.securityfocus.com/bid/6855 vdb-entryx_refsource_BID
    Date Public
    2003-02-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T01:43:35.603Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "MDKSA-2003:016",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRAKE",
                  "x_transferred"
                ],
                "url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:016"
              },
              {
                "name": "utillinux-mcookie-cookie-predictable(11318)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11318"
              },
              {
                "name": "6855",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/6855"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2003-02-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A patch for mcookie in the util-linux package for Mandrake Linux 8.2 and 9.0 uses /dev/urandom instead of /dev/random, which causes mcookie to use an entropy source that is more predictable than expected, which may make it easier for certain types of attacks to succeed."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2004-08-11T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "MDKSA-2003:016",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRAKE"
              ],
              "url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:016"
            },
            {
              "name": "utillinux-mcookie-cookie-predictable(11318)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11318"
            },
            {
              "name": "6855",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/6855"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2003-0094",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A patch for mcookie in the util-linux package for Mandrake Linux 8.2 and 9.0 uses /dev/urandom instead of /dev/random, which causes mcookie to use an entropy source that is more predictable than expected, which may make it easier for certain types of attacks to succeed."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "MDKSA-2003:016",
                  "refsource": "MANDRAKE",
                  "url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:016"
                },
                {
                  "name": "utillinux-mcookie-cookie-predictable(11318)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11318"
                },
                {
                  "name": "6855",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/6855"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2003-0094",
        "datePublished": "2004-09-01T04:00:00.000Z",
        "dateReserved": "2003-02-14T00:00:00.000Z",
        "dateUpdated": "2024-08-08T01:43:35.603Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2001-1147 (GCVE-0-2001-1147)

    Vulnerability from cvelistv5 – Published: 2002-06-25 04:00 – Updated: 2024-08-08 04:44
    VLAI
    Summary
    The PAM implementation in /bin/login of the util-linux package before 2.11 causes a password entry to be rewritten across multiple PAM calls, which could provide the credentials of one user to a different user, when used in certain PAM modules such as pam_limits.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.iss.net/security_center/static/7266.php vdb-entryx_refsource_XF
    http://www.ciac.org/ciac/bulletins/m-009.shtml third-party-advisorygovernment-resourcex_refsource_CIAC
    http://www.redhat.com/support/errata/RHSA-2001-132.html vendor-advisoryx_refsource_REDHAT
    http://www.novell.com/linux/security/advisories/2… vendor-advisoryx_refsource_SUSE
    http://www.securityfocus.com/bid/3415 vdb-entryx_refsource_BID
    http://www.securityfocus.com/archive/1/219175 mailing-listx_refsource_BUGTRAQ
    http://www.linux-mandrake.com/en/security/2001/MD… vendor-advisoryx_refsource_MANDRAKE
    Date Public
    2001-10-08 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T04:44:08.106Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "utillinux-pamlimits-gain-privileges(7266)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "http://www.iss.net/security_center/static/7266.php"
              },
              {
                "name": "M-009",
                "tags": [
                  "third-party-advisory",
                  "government-resource",
                  "x_refsource_CIAC",
                  "x_transferred"
                ],
                "url": "http://www.ciac.org/ciac/bulletins/m-009.shtml"
              },
              {
                "name": "RHSA-2001:132",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2001-132.html"
              },
              {
                "name": "SuSE-SA:2001:034",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://www.novell.com/linux/security/advisories/2001_034_shadow_txt.html"
              },
              {
                "name": "3415",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/3415"
              },
              {
                "name": "20011008 pam_limits.so Bug!!",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/219175"
              },
              {
                "name": "MDKSA-2001:084",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRAKE",
                  "x_transferred"
                ],
                "url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-084.php3"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2001-10-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The PAM implementation in /bin/login of the util-linux package before 2.11 causes a password entry to be rewritten across multiple PAM calls, which could provide the credentials of one user to a different user, when used in certain PAM modules such as pam_limits."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2002-03-22T10:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "utillinux-pamlimits-gain-privileges(7266)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "http://www.iss.net/security_center/static/7266.php"
            },
            {
              "name": "M-009",
              "tags": [
                "third-party-advisory",
                "government-resource",
                "x_refsource_CIAC"
              ],
              "url": "http://www.ciac.org/ciac/bulletins/m-009.shtml"
            },
            {
              "name": "RHSA-2001:132",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2001-132.html"
            },
            {
              "name": "SuSE-SA:2001:034",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://www.novell.com/linux/security/advisories/2001_034_shadow_txt.html"
            },
            {
              "name": "3415",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/3415"
            },
            {
              "name": "20011008 pam_limits.so Bug!!",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/219175"
            },
            {
              "name": "MDKSA-2001:084",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRAKE"
              ],
              "url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-084.php3"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2001-1147",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The PAM implementation in /bin/login of the util-linux package before 2.11 causes a password entry to be rewritten across multiple PAM calls, which could provide the credentials of one user to a different user, when used in certain PAM modules such as pam_limits."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "utillinux-pamlimits-gain-privileges(7266)",
                  "refsource": "XF",
                  "url": "http://www.iss.net/security_center/static/7266.php"
                },
                {
                  "name": "M-009",
                  "refsource": "CIAC",
                  "url": "http://www.ciac.org/ciac/bulletins/m-009.shtml"
                },
                {
                  "name": "RHSA-2001:132",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2001-132.html"
                },
                {
                  "name": "SuSE-SA:2001:034",
                  "refsource": "SUSE",
                  "url": "http://www.novell.com/linux/security/advisories/2001_034_shadow_txt.html"
                },
                {
                  "name": "3415",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/3415"
                },
                {
                  "name": "20011008 pam_limits.so Bug!!",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/219175"
                },
                {
                  "name": "MDKSA-2001:084",
                  "refsource": "MANDRAKE",
                  "url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-084.php3"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2001-1147",
        "datePublished": "2002-06-25T04:00:00.000Z",
        "dateReserved": "2002-03-15T00:00:00.000Z",
        "dateUpdated": "2024-08-08T04:44:08.106Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2001-1175 (GCVE-0-2001-1175)

    Vulnerability from cvelistv5 – Published: 2002-06-25 04:00 – Updated: 2024-08-08 04:44
    VLAI
    Summary
    vipw in the util-linux package before 2.10 causes /etc/shadow to be world-readable in some cases, which would make it easier for local users to perform brute force password guessing.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2001-07-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T04:44:08.282Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "vipw-world-readable-files(6851)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6851"
              },
              {
                "name": "3036",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/3036"
              },
              {
                "name": "RHSA-2001:132",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2001-132.html"
              },
              {
                "name": "RHSA-2001:095",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://www.redhat.com/support/errata/RHSA-2001-095.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2001-07-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "vipw in the util-linux package before 2.10 causes /etc/shadow to be world-readable in some cases, which would make it easier for local users to perform brute force password guessing."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2002-03-22T10:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "vipw-world-readable-files(6851)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6851"
            },
            {
              "name": "3036",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/3036"
            },
            {
              "name": "RHSA-2001:132",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2001-132.html"
            },
            {
              "name": "RHSA-2001:095",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2001-095.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2001-1175",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "vipw in the util-linux package before 2.10 causes /etc/shadow to be world-readable in some cases, which would make it easier for local users to perform brute force password guessing."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "vipw-world-readable-files(6851)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6851"
                },
                {
                  "name": "3036",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/3036"
                },
                {
                  "name": "RHSA-2001:132",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2001-132.html"
                },
                {
                  "name": "RHSA-2001:095",
                  "refsource": "REDHAT",
                  "url": "http://www.redhat.com/support/errata/RHSA-2001-095.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2001-1175",
        "datePublished": "2002-06-25T04:00:00.000Z",
        "dateReserved": "2002-03-15T00:00:00.000Z",
        "dateUpdated": "2024-08-08T04:44:08.282Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }