Published: 06/07/2006 Updated: 05/09/2008

CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9

VMScore: 641

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

passwd command in shadow in Ubuntu 5.04 up to and including 6.06 LTS, when called with the -f, -g, or -s flag, does not check the return code of a setuid call, which might allow local users to gain root privileges if setuid fails in cases such as PAM failures or resource limits.

Vulnerable Product	Search on Vulmon	Subscribe to Product
ubuntu ubuntu linux 5.10
ubuntu ubuntu linux 6.06_lts
ubuntu ubuntu linux 5.04

Debian Bug report logs - #379174 shadow: CVE-2006-3378 Package: passwd; Maintainer for passwd is Shadow package maintainers <pkg-shadow-devel@listsaliothdebianorg>; Source for passwd is src:shadow (PTS, buildd, popcon) Reported by: Henry Jensen <jensen@scan-plusde> Date: Fri, 21 Jul 2006 23:04:02 UTC Severity: g ...

Ilja van Sprundel discovered that passwd, when called with the -f, -g, or -s option, did not check the result of the setuid() call On systems that configure PAM limits for the maximum number of user processes, a local attacker could exploit this to execute chfn, gpasswd, or chsh with root privileges ...

NVD-CWE-Other http://www.ubuntu.com/usn/usn-308-1 http://www.securityfocus.com/bid/18850 http://secunia.com/advisories/20966 http://secunia.com/advisories/20950 http://www.osvdb.org/26995 http://www.debian.org/security/2006/dsa-1150 http://secunia.com/advisories/21480 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=379174 https://usn.ubuntu.com/308-1/https://nvd.nist.gov

CVE-2006-3378

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect