Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-3378

Overview

Vulnerability Score 7.2 7.2
CVE Id CVE-2006-3378
Last Modified 05 Sep 2008 05:06:57
Published 06 Jul 2006 04:05:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2006-3378

Summary

passwd command in shadow in Ubuntu 5.04 through 6.06 LTS, when called with the -f, -g, or -s flag, does not check the return code of a setuid call, which might allow local users to gain root privileges if setuid fails in cases such as PAM failures or resource limits.

Vulnerable Systems

Operating System

  • Ubuntu Linux 5.04

  • Ubuntu Linux 5.10

  • Ubuntu Linux 6.06 Lts


References

UBUNTU - USN-308-1

BID - 18850

OSVDB - 26995

SECUNIA - 20966

SECUNIA - 20950

DEBIAN - DSA-1150

SECUNIA - 21480


Last Updated: 27 May 2016 10:42:58