← Back

CVE-2006-3378

nvd nist
Published: Jul 6, 2006Modified: Apr 16, 2026

JSON object

Loading...
7.2
Vector
AV:L/AC:L/Au:N/C:C/I:C/A:C
Exploitability: 3.9 / Impact: 10.0
Source: NVD

Description

passwd command in shadow in Ubuntu 5.04 through 6.06 LTS, when called with the -f, -g, or -s flag, does not check the return code of a setuid call, which might allow local users to gain root privileges if setuid fails in cases such as PAM failures or resource limits.

Affected (11)

Products: Ubuntu: Ubuntu Linux
Ubuntu
1 product
Ubuntu Linux
Configuration A
11 vulnerable
Vulnerable SoftwareAffected Versions
Ubuntu
Ubuntu Linux
Version 5.04
Ubuntu Linux
Version 5.04
Ubuntu Linux
Version 5.04
Ubuntu Linux
Version 5.10
Ubuntu Linux
Version 5.10
Ubuntu Linux
Version 5.10
Ubuntu Linux
Version 5.10
Ubuntu Linux
Version 6.06_lts
Ubuntu Linux
Version 6.06_lts
Ubuntu Linux
Version 6.06_lts
Ubuntu Linux
Version 6.06_lts

References (14)

Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.