CVE-2006-3378
published 2006-07-06CVE-2006-3378: passwd command in shadow in Ubuntu 5.04 through 6.06 LTS, when called with the -f, -g, or -s flag, does not check the return code of a setuid call, which might…
high7.2CVSS 3.1
AVLACLAuNCCICAC
passwd command in shadow in Ubuntu 5.04 through 6.06 LTS, when called with the -f, -g, or -s flag, does not check the return code of a setuid call, which might allow local users to gain root privileges if setuid fails in cases such as PAM failures or resource limits.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | shadow | < shadow 1:4.0.14-1 (bookworm) | shadow 1:4.0.14-1 (bookworm) |
| shadow_project | shadow | >= 0 < 1:4.0.14-1 | 1:4.0.14-1 |
| shadow_project | shadow | >= 0 < 1:4.0.14-1 | 1:4.0.14-1 |
| shadow_project | shadow | >= 0 < 1:4.0.14-1 | 1:4.0.14-1 |
| shadow_project | shadow | >= 0 < 1:4.0.14-1 | 1:4.0.14-1 |
| ubuntu | ubuntu_linux | — | — |
| ubuntu | ubuntu_linux | — | — |
| ubuntu | ubuntu_linux | — | — |
CVSS provenance
nvd7.2HIGHAV:L/AC:L/Au:N/C:C/I:C/A:C
osv7.2HIGH