Linux Util-Linux vulnerabilities

CVE-2017-2616 [MEDIUM] CWE-267 CVE-2017-2616: A race condition was found in util-linux before 2.32.1 in the way su handled the management of child A race condition was found in util-linux before 2.32.1 in the way su handled the management of child processes. A local authenticated attacker could use this flaw to kill other processes with root privileges under specific conditions.

CVE-2011-1677 [MEDIUM] CVE-2011-1677: mount in util-linux 2.19 and earlier does not remove the /etc/mtab~ lock file after a failed attempt mount in util-linux 2.19 and earlier does not remove the /etc/mtab~ lock file after a failed attempt to add a mount entry, which has unspecified impact and local attack vectors.

CVE-2011-1676 [LOW] CWE-264 CVE-2011-1676: mount in util-linux 2.19 and earlier does not remove the /etc/mtab.tmp file after a failed attempt t mount in util-linux 2.19 and earlier does not remove the /etc/mtab.tmp file after a failed attempt to add a mount entry, which allows local users to trigger corruption of the /etc/mtab file via multiple invocations.

CVE-2011-1675 [LOW] CVE-2011-1675: mount in util-linux 2.19 and earlier attempts to append to the /etc/mtab.tmp file without first chec mount in util-linux 2.19 and earlier attempts to append to the /etc/mtab.tmp file without first checking whether resource limits would interfere, which allows local users to trigger corruption of the /etc/mtab file via a process with a small RLIMIT_FSIZE value, a related issue to CVE-2011-1089.

CVE-2008-1926 [HIGH] CWE-94 CVE-2008-1926: Argument injection vulnerability in login (login-utils/login.c) in util-linux-ng 2.14 and earlier ma Argument injection vulnerability in login (login-utils/login.c) in util-linux-ng 2.14 and earlier makes it easier for remote attackers to hide activities by modifying portions of log events, as demonstrated by appending an "addr=" statement to the login name, aka "audit log injection."