CVE-2006-3378 — Linux vulnerability

7 documents7 sources

Severity

7.2HIGHNVD

EPSS

0.1%

top 82.63%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Shadow Project Shadow Ubuntu Linux

Timeline

PublishedJul 6

Latest updateMay 1

Description

passwd command in shadow in Ubuntu 5.04 through 6.06 LTS, when called with the -f, -g, or -s flag, does not check the return code of a setuid call, which might allow local users to gain root privileges if setuid fails in cases such as PAM failures or resource limits.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages1 packages

▶Debianshadow_project/shadow< 1:4.0.14-1+3

Also affects: Ubuntu Linux 5.04, 5.10, 6.06_lts

🔴Vulnerability Details

GHSA

GHSA-34pj-cg9w-gxv3: passwd command in shadow in Ubuntu 5↗2022-05-01

▶

OSV

CVE-2006-3378: passwd command in shadow in Ubuntu 5↗2006-07-06

▶

CVEList

CVE-2006-3378: passwd command in shadow in Ubuntu 5↗2006-07-06

▶

📋Vendor Advisories

Ubuntu

shadow vulnerability↗2006-07-06

▶

Debian

CVE-2006-3378: shadow - passwd command in shadow in Ubuntu 5.04 through 6.06 LTS, when called with the -...↗2006

▶

Red Hat

CVE-2006-3378: passwd command in shadow in Ubuntu 5↗

▶