Search for packages
| purl | pkg:deb/debian/util-linux@2.12r-19etch1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-1fkf-pg88-67gm
Aliases: CVE-2011-1675 |
mount in util-linux 2.19 and earlier attempts to append to the /etc/mtab.tmp file without first checking whether resource limits would interfere, which allows local users to trigger corruption of the /etc/mtab file via a process with a small RLIMIT_FSIZE value, a related issue to CVE-2011-1089. |
Affected by 13 other vulnerabilities. |
|
VCID-1y4y-wz8e-b7ap
Aliases: CVE-2020-21583 |
util-linux: arbitrary commands execution via the path parameter |
Affected by 6 other vulnerabilities. |
|
VCID-3cgb-jerk-2yeh
Aliases: CVE-2007-5191 |
mount and umount in util-linux and loop-aes-utils call the setuid and setgid functions in the wrong order and do not check the return values, which might allow attackers to gain privileges via helpers such as mount.nfs. |
Affected by 16 other vulnerabilities. |
|
VCID-3qrr-p9p3-9qh9
Aliases: CVE-2016-5011 |
The parse_dos_extended function in partitions/dos.c in the libblkid library in util-linux allows physically proximate attackers to cause a denial of service (memory consumption) via a crafted MSDOS partition table with an extended partition boot record at zero offset. |
Affected by 6 other vulnerabilities. |
|
VCID-6mg5-v1v5-7fcm
Aliases: CVE-2015-5224 |
The mkostemp function in login-utils in util-linux when used incorrectly allows remote attackers to cause file name collision and possibly other attacks. |
Affected by 6 other vulnerabilities. |
|
VCID-8sfz-3j1k-9qdc
Aliases: CVE-2011-1677 |
mount in util-linux 2.19 and earlier does not remove the /etc/mtab~ lock file after a failed attempt to add a mount entry, which has unspecified impact and local attack vectors. |
Affected by 13 other vulnerabilities. |
|
VCID-a48f-8j4j-c3c3
Aliases: CVE-2014-9114 |
Blkid in util-linux before 2.26rc-1 allows local users to execute arbitrary code. |
Affected by 11 other vulnerabilities. |
|
VCID-atkm-qtr6-skbz
Aliases: CVE-2021-3995 |
A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows an unprivileged local attacker to unmount FUSE filesystems that belong to certain other users who have a UID that is a prefix of the UID of the attacker in its string form. An attacker may use this flaw to cause a denial of service to applications that use the affected filesystems. |
Affected by 2 other vulnerabilities. |
|
VCID-bfgu-fqvj-qua8
Aliases: CVE-2024-28085 |
util-linux: CVE-2024-28085: wall: escape sequence injection |
Affected by 2 other vulnerabilities. |
|
VCID-dpqu-apb4-vbbb
Aliases: CVE-2006-7108 |
login in util-linux-2.12a skips pam_acct_mgmt and chauth_tok when authentication is skipped, such as when a Kerberos krlogin session has been established, which might allow users to bypass intended access policies that would be enforced by pam_acct_mgmt and chauth_tok. |
Affected by 15 other vulnerabilities. |
|
VCID-ev6y-u4sw-7ba7
Aliases: CVE-2015-5218 |
Buffer overflow in text-utils/colcrt.c in colcrt in util-linux before 2.27 allows local users to cause a denial of service (crash) via a crafted file, related to the page global variable. |
Affected by 6 other vulnerabilities. |
|
VCID-g6x1-5jmt-nufu
Aliases: CVE-2008-1926 |
Argument injection vulnerability in login (login-utils/login.c) in util-linux-ng 2.14 and earlier makes it easier for remote attackers to hide activities by modifying portions of log events, as demonstrated by appending an "addr=" statement to the login name, aka "audit log injection." |
Affected by 16 other vulnerabilities. |
|
VCID-jykg-cpvb-cbec
Aliases: CVE-2016-2779 |
runuser in util-linux allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer. |
Affected by 4 other vulnerabilities. |
|
VCID-nwyr-pbu6-77hv
Aliases: CVE-2021-3996 |
A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows a local user on a vulnerable system to unmount other users' filesystems that are either world-writable themselves (like /tmp) or mounted in a world-writable directory. An attacker may use this flaw to cause a denial of service to applications that use the affected filesystems. |
Affected by 2 other vulnerabilities. |
|
VCID-rn5d-2usk-8fdz
Aliases: CVE-2021-37600 |
arbitrary code execution |
Affected by 2 other vulnerabilities. |
|
VCID-sahz-er9j-7fgd
Aliases: CVE-2018-7738 |
In util-linux before 2.32-rc1, bash-completion/umount allows local users to gain privileges by embedding shell commands in a mountpoint name, which is mishandled during a umount command (within Bash) by a different user, as demonstrated by logging in as root and entering umount followed by a tab character for autocompletion. |
Affected by 6 other vulnerabilities. Affected by 4 other vulnerabilities. |
|
VCID-wfz4-43wd-2fgc
Aliases: CVE-2013-0157 |
(a) mount and (b) umount in util-linux 2.14.1, 2.17.2, and probably other versions allow local users to determine the existence of restricted directories by (1) using the --guess-fstype command-line option or (2) attempting to mount a non-existent device, which generates different error messages depending on whether the directory exists. |
Affected by 11 other vulnerabilities. |
|
VCID-yb5x-m5sw-6fga
Aliases: (+ CVE-2017-2616 fix) regression |
A race condition was found in util-linux before 2.32.1 in the way su handled the management of child processes. A local authenticated attacker could use this flaw to kill other processes with root privileges under specific conditions. |
Affected by 6 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||