7.2
CVE-2006-3378
- EPSS 0.06%
- Published 06.07.2006 20:05:00
- Last modified 03.04.2025 01:03:51
- Source cve@mitre.org
- Teams watchlist Login
- Open Login
passwd command in shadow in Ubuntu 5.04 through 6.06 LTS, when called with the -f, -g, or -s flag, does not check the return code of a setuid call, which might allow local users to gain root privileges if setuid fails in cases such as PAM failures or resource limits.
Data is provided by the National Vulnerability Database (NVD)
Ubuntu ≫ Ubuntu Linux Version5.04 Editionamd64
Ubuntu ≫ Ubuntu Linux Version5.04 Editioni386
Ubuntu ≫ Ubuntu Linux Version5.04 Editionpowerpc
Ubuntu ≫ Ubuntu Linux Version5.10 Editionamd64
Ubuntu ≫ Ubuntu Linux Version5.10 Editioni386
Ubuntu ≫ Ubuntu Linux Version5.10 Editionpowerpc
Ubuntu ≫ Ubuntu Linux Version5.10 Editionsparc
Ubuntu ≫ Ubuntu Linux Version6.06_lts Editionamd64
Ubuntu ≫ Ubuntu Linux Version6.06_lts Editioni386
Ubuntu ≫ Ubuntu Linux Version6.06_lts Editionpowerpc
Ubuntu ≫ Ubuntu Linux Version6.06_lts Editionsparc
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.06% | 0.142 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 7.2 | 3.9 | 10 |
AV:L/AC:L/Au:N/C:C/I:C/A:C
|