Executive Summary
Summary | |
---|---|
Title | New shadow packages fix privilege escalation |
Information | |||
---|---|---|---|
Name | DSA-1150 | First vendor Publication | 2006-08-12 |
Vendor | Debian | Last vendor Modification | 2006-08-12 |
Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 7.2 | Attack Range | Local |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Exploit Score | 3.9 | Authentication | None Required |
Detail
A bug has been discovered in several packages that execute the setuid() system call without checking for success when trying to drop privileges, which may fail with some PAM configurations. For the stable distribution (sarge) this problem has been fixed in version 4.0.3-31sarge8. For the unstable distribution (sid) this problem has been fixed in version 4.0.17-2. We recommend that you upgrade your passwd package. |
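The unchecked call described above, beside a fail-closed version, as an added example that is not code from the shadow package or the Debian advisory. The function names and the `failing_setuid` stub are hypothetical; the stub stands in for a setuid() call that fails, using EAGAIN as the constructed error.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Signature shared by setuid(2) and the constructed failing stub below. */
typedef int (*setuid_fn)(uid_t);

/* The pattern the advisory describes: the return value is ignored, so a
 * failed drop leaves the process running with its original identity. */
static void drop_unchecked(setuid_fn do_setuid, uid_t target)
{
    do_setuid(target);              /* failure is silently lost here */
}

/* Fail-closed form: returns 0 only if the call succeeded and both the
 * real and effective uid now equal the target; -1 otherwise. */
static int drop_checked(setuid_fn do_setuid, uid_t target)
{
    if (do_setuid(target) != 0)
        return -1;                  /* errno is left as set by the call */
    if (getuid() != target || geteuid() != target)
        return -1;                  /* call claimed success, ids disagree */
    return 0;
}

/* Constructed stub (assumption): simulates setuid() failing with EAGAIN. */
static int failing_setuid(uid_t uid)
{
    (void)uid;
    errno = EAGAIN;
    return -1;
}

int main(void)
{
    uid_t me = getuid();            /* own uid, so no privileges are needed */

    drop_unchecked(failing_setuid, me);
    puts("unchecked: setuid failed, program carried on regardless");

    if (drop_checked(failing_setuid, me) != 0)
        puts("checked: setuid failed, caller must abort before doing work");

    return drop_checked(setuid, me) == 0 ? EXIT_SUCCESS : EXIT_FAILURE;
}
```

A caller of `drop_checked` should exit on a non-zero return rather than continue with the work that was meant to run unprivileged.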
Original Source
Url : http://www.debian.org/security/2006/dsa-1150 |
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2008-01-17 | Name : Debian Security Advisory DSA 1150-1 (shadow) File : nvt/deb_1150_1.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
26995 | shadow setuid Failure Local Privilege Escalation: Shadow contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when passwd, called with the -f, -g, or -s option, did not check the result of the 'setuid' call. This flaw may lead to a loss of Confidentiality and Integrity. |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2007-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-308-1.nasl - Type : ACT_GATHER_INFO |
2006-10-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1150.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-02-17 11:26:07 | |