RSS   Vulnerabilities for 'Util-linux'   RSS

2011-04-09
 
CVE-2011-1677

CWE-noinfo
 

 
mount in util-linux 2.19 and earlier does not remove the /etc/mtab~ lock file after a failed attempt to add a mount entry, which has unspecified impact and local attack vectors.

 
 
CVE-2011-1676

CWE-264
 

 
mount in util-linux 2.19 and earlier does not remove the /etc/mtab.tmp file after a failed attempt to add a mount entry, which allows local users to trigger corruption of the /etc/mtab file via multiple invocations.

 
 
CVE-2011-1675

CWE-399
 

 
mount in util-linux 2.19 and earlier attempts to append to the /etc/mtab.tmp file without first checking whether resource limits would interfere, which allows local users to trigger corruption of the /etc/mtab file via a process with a small RLIMIT_FSIZE value, a related issue to CVE-2011-1089.

 
2008-04-24
 
CVE-2008-1926

CWE-94
 

 
Argument injection vulnerability in login (login-utils/login.c) in util-linux-ng 2.14 and earlier makes it easier for remote attackers to hide activities by modifying portions of log events, as demonstrated by appending an "addr=" statement to the login name, aka "audit log injection."

 

 >>> Vendor: Linux 10 Products
Linux kernel
Kernel
Audit
Util-linux
Direct connect
Ipsec tools racoon daemon
Systemd
Linux kernel-rt
Linux kernel i40e/i40evf
Linux kernel ixgbe


Copyright 2019, cxsecurity.com

 

Back to Top