CVE Vulnerabilities

CVE-2006-3378

Published: Jul 06, 2006 | Modified: Sep 05, 2008
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.2 HIGH
AV:L/AC:L/Au:N/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu

passwd command in shadow in Ubuntu 5.04 through 6.06 LTS, when called with the -f, -g, or -s flag, does not check the return code of a setuid call, which might allow local users to gain root privileges if setuid fails in cases such as PAM failures or resource limits.

Affected Software

Name Vendor Start Version End Version
Ubuntu_linux Ubuntu 5.10 5.10
Ubuntu_linux Ubuntu 6.06_lts 6.06_lts
Ubuntu_linux Ubuntu 5.04 5.04
Ubuntu_linux Ubuntu 5.10 5.10
Ubuntu_linux Ubuntu 5.04 5.04
Ubuntu_linux Ubuntu 5.10 5.10
Ubuntu_linux Ubuntu 5.10 5.10
Ubuntu_linux Ubuntu 6.06_lts 6.06_lts
Ubuntu_linux Ubuntu 6.06_lts 6.06_lts
Ubuntu_linux Ubuntu 6.06_lts 6.06_lts
Ubuntu_linux Ubuntu 5.04 5.04

References