RSS   Podatności dla 'Util-linux'   RSS

2018-03-06
 
CVE-2018-7738

CWE-noinfo
 

 
In util-linux before 2.32-rc1, bash-completion/umount allows local users to gain privileges by embedding shell commands in a mountpoint name, which is mishandled during a umount command (within Bash) by a different user, as demonstrated by logging in as root and entering umount followed by a tab character for autocompletion.

 
2017-03-31
 
CVE-2014-9114

CWE-77
 

 
Blkid in util-linux before 2.26rc-1 allows local users to execute arbitrary code.

 
2017-02-07
 
CVE-2016-2779

CWE-264
 

 
runuser in util-linux allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.

 
2015-11-09
 
CVE-2015-5218

CWE-119
 

 
Buffer overflow in text-utils/colcrt.c in colcrt in util-linux before 2.27 allows local users to cause a denial of service (crash) via a crafted file, related to the page global variable.

 
2014-01-21
 
CVE-2013-0157

CWE-200
 

 
(a) mount and (b) umount in util-linux 2.14.1, 2.17.2, and probably other versions allow local users to determine the existence of restricted directories by (1) using the --guess-fstype command-line option or (2) attempting to mount a non-existent device, which generates different error messages depending on whether the directory exists.

 

 >>> Vendor: Kernel 5 Produkty
Linux kernel
Linux
Linux-pam
UDEV
Util-linux


Copyright 2020, cxsecurity.com

 

Back to Top