RSS   Vulnerabilities for 'Util-linux'   RSS

2018-07-27
 
CVE-2017-2616

CWE-362
 

 
A race condition was found in util-linux before 2.32.1 in the way su handled the management of child processes. A local authenticated attacker could use this flaw to kill other processes with root privileges under specific conditions.

 
2018-03-06
 
CVE-2018-7738

CWE-noinfo
 

 
In util-linux before 2.32-rc1, bash-completion/umount allows local users to gain privileges by embedding shell commands in a mountpoint name, which is mishandled during a umount command (within Bash) by a different user, as demonstrated by logging in as root and entering umount followed by a tab character for autocompletion.

 
2017-08-23
 
CVE-2015-5224

 

 
The mkostemp function in login-utils in util-linux when used incorrectly allows remote attackers to cause file name collision and possibly other attacks.

 
2017-04-11
 
CVE-2016-5011

 

 
The parse_dos_extended function in partitions/dos.c in the libblkid library in util-linux allows physically proximate attackers to cause a denial of service (memory consumption) via a crafted MSDOS partition table with an extended partition boot record at zero offset.

 
2017-03-31
 
CVE-2014-9114

CWE-77
 

 
Blkid in util-linux before 2.26rc-1 allows local users to execute arbitrary code.

 
2017-02-07
 
CVE-2016-2779

CWE-264
 

 
runuser in util-linux allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.

 


Copyright 2024, cxsecurity.com

 

Back to Top