Note:
This project will be discontinued after December 13, 2021.
Product: Util-Linux (Kernel)
Repositories:
• https://github.com/karelzak/util-linux
• https://github.com/kerolasa/lelux-utiliteetit
#Vulnerabilities: 14
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2022-08-23 | CVE-2021-3995 | A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows an unprivileged local attacker to unmount FUSE filesystems that belong to certain other users who have a UID that is a prefix of the UID of the attacker in its string form. An attacker may use this flaw to cause a denial of service to applications that use the affected filesystems. | Fedora, Util-Linux | 5.5 | | |
2022-08-23 | CVE-2021-3996 | A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows a local user on a vulnerable system to unmount other users' filesystems that are either world-writable themselves (like /tmp) or mounted in a world-writable directory. An attacker may use this flaw to cause a denial of service to applications that use the affected filesystems. | Fedora, Util-Linux | 5.5 | | |
2001-12-31 | CVE-2001-1494 | script command in the util-linux package before 2.11n allows local users to overwrite arbitrary files by setting a hardlink from the typescript log file to any file on the system, then having root execute the script command. | Cvlan, Integrated_management_suit, Interactive_response, Intuity_lx, Message_networking, Messaging_storage_server, Util-Linux | 5.5 | | |
2007-10-04 | CVE-2007-5191 | mount and umount in util-linux and loop-aes-utils call the setuid and setgid functions in the wrong order and do not check the return values, which might allow attackers to gain privileges via helpers such as mount.nfs. | Ubuntu_linux, Debian_linux, Fedora, Util-Linux, Loop-Aes-Utils | N/A | | |
2017-03-31 | CVE-2014-9114 | Blkid in util-linux before 2.26rc-1 allows local users to execute arbitrary code. | Fedora, Util-Linux, Opensuse | 7.8 | | |
2017-04-11 | CVE-2016-5011 | The parse_dos_extended function in partitions/dos.c in the libblkid library in util-linux allows physically proximate attackers to cause a denial of service (memory consumption) via a crafted MSDOS partition table with an extended partition boot record at zero offset. | Power_hardware_management_console, Powerkvm, Util-Linux, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_workstation | N/A | | |
2017-08-23 | CVE-2015-5224 | The mkostemp function in login-utils in util-linux when used incorrectly allows remote attackers to cause file name collision and possibly other attacks. | Util-Linux | N/A | | |
2017-02-07 | CVE-2016-2779 | runuser in util-linux allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer. | Util-Linux | 7.8 | | |
2015-11-09 | CVE-2015-5218 | Buffer overflow in text-utils/colcrt.c in colcrt in util-linux before 2.27 allows local users to cause a denial of service (crash) via a crafted file, related to the page global variable. | Util-Linux, Opensuse, Leap | N/A | | |
2014-01-21 | CVE-2013-0157 | (a) mount and (b) umount in util-linux 2.14.1, 2.17.2, and probably other versions allow local users to determine the existence of restricted directories by (1) using the --guess-fstype command-line option or (2) attempting to mount a non-existent device, which generates different error messages depending on whether the directory exists. | Util-Linux | N/A | | |