QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2006-3378

Back to search

CVE-2006-3378

Published: Jul 6, 2006

Modified: Aug 7, 2024

PUBLISHED

Description

passwd command in shadow in Ubuntu 5.04 through 6.06 LTS, when called with the -f, -g, or -s flag, does not check the return code of a setuid call, which might allow local users to gain root privileges if setuid fails in cases such as PAM failures or resource limits.

VendorProductVersions

n/a

n/a

affected
n/a

References

21480
third-party-advisory
x_refsource_SECUNIA
26995
vdb-entry
x_refsource_OSVDB
DSA-1150
vendor-advisory
x_refsource_DEBIAN
USN-308-1
vendor-advisory
x_refsource_UBUNTU
18850
vdb-entry
x_refsource_BID
20966
third-party-advisory
x_refsource_SECUNIA
20950
third-party-advisory
x_refsource_SECUNIA

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now