7.2
CVE-2006-3378
- EPSS 0.34%
- Veröffentlicht 06.07.2006 20:05:00
- Zuletzt bearbeitet 16.06.2026 22:26:56
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
passwd command in shadow in Ubuntu 5.04 through 6.06 LTS, when called with the -f, -g, or -s flag, does not check the return code of a setuid call, which might allow local users to gain root privileges if setuid fails in cases such as PAM failures or resource limits.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ubuntu ≫ Ubuntu Linux Version5.04 Editionamd64
Ubuntu ≫ Ubuntu Linux Version5.04 Editioni386
Ubuntu ≫ Ubuntu Linux Version5.04 Editionpowerpc
Ubuntu ≫ Ubuntu Linux Version5.10 Editionamd64
Ubuntu ≫ Ubuntu Linux Version5.10 Editioni386
Ubuntu ≫ Ubuntu Linux Version5.10 Editionpowerpc
Ubuntu ≫ Ubuntu Linux Version5.10 Editionsparc
Ubuntu ≫ Ubuntu Linux Version6.06_lts Editionamd64
Ubuntu ≫ Ubuntu Linux Version6.06_lts Editioni386
Ubuntu ≫ Ubuntu Linux Version6.06_lts Editionpowerpc
Ubuntu ≫ Ubuntu Linux Version6.06_lts Editionsparc
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.34% | 0.257 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.2 | 3.9 | 10 |
AV:L/AC:L/Au:N/C:C/I:C/A:C
|
http://secunia.com/advisories/20950
http://secunia.com/advisories/20966
http://secunia.com/advisories/21480
http://www.debian.org/security/2006/dsa-1150
http://www.osvdb.org/26995
http://www.securityfocus.com/bid/18850
http://www.ubuntu.com/usn/usn-308-1