CVE-2006-3378 - OpenCVE

passwd command in shadow in Ubuntu 5.04 through 6.06 LTS, when called with the -f, -g, or -s flag, does not check the return code of a setuid call, which might allow local users to gain root privileges if setuid fails in cases such as PAM failures or resource limits.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:L/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ubuntu	Ubuntu Linux

Configuration 1 [-]

OR	cpe:2.3:o:ubuntu:ubuntu_linux:5.04::amd64:::::
	cpe:2.3:o:ubuntu:ubuntu_linux:5.04::i386:::::
	cpe:2.3:o:ubuntu:ubuntu_linux:5.04::powerpc:::::
	cpe:2.3:o:ubuntu:ubuntu_linux:5.10::amd64:::::
	cpe:2.3:o:ubuntu:ubuntu_linux:5.10::i386:::::
	cpe:2.3:o:ubuntu:ubuntu_linux:5.10::powerpc:::::
	cpe:2.3:o:ubuntu:ubuntu_linux:5.10::sparc:::::
	cpe:2.3:o:ubuntu:ubuntu_linux:6.06_lts::amd64:::::
	cpe:2.3:o:ubuntu:ubuntu_linux:6.06_lts::i386:::::
	cpe:2.3:o:ubuntu:ubuntu_linux:6.06_lts::powerpc:::::
	cpe:2.3:o:ubuntu:ubuntu_linux:6.06_lts::sparc:::::

No data.

References

Link	Providers
http://secunia.com/advisories/20950
http://secunia.com/advisories/20966
http://secunia.com/advisories/21480
http://www.debian.org/security/2006/dsa-1150
http://www.osvdb.org/26995
http://www.securityfocus.com/bid/18850
http://www.ubuntu.com/usn/usn-308-1

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2006-07-06T20:00:00

Updated: 2024-08-07T18:23:21.269Z

Reserved: 2006-07-06T00:00:00

Link: CVE-2006-3378

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2006-07-06T20:05:00.000

Modified: 2008-09-05T21:06:57.297

Link: CVE-2006-3378

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-07-05T00:00:00", "descriptions": [{"lang": "en", "value": "passwd command in shadow in Ubuntu 5.04 through 6.06 LTS, when called with the -f, -g, or -s flag, does not check the return code of a setuid call, which might allow local users to gain root privileges if setuid fails in cases such as PAM failures or resource limits."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2006-07-13T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "21480", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/21480"}, {"name": "26995", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/26995"}, {"name": "DSA-1150", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2006/dsa-1150"}, {"name": "USN-308-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/usn-308-1"}, {"name": "18850", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/18850"}, {"name": "20966", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/20966"}, {"name": "20950", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/20950"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-3378", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "passwd command in shadow in Ubuntu 5.04 through 6.06 LTS, when called with the -f, -g, or -s flag, does not check the return code of a setuid call, which might allow local users to gain root privileges if setuid fails in cases such as PAM failures or resource limits."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "21480", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/21480"}, {"name": "26995", "refsource": "OSVDB", "url": "http://www.osvdb.org/26995"}, {"name": "DSA-1150", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2006/dsa-1150"}, {"name": "USN-308-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/usn-308-1"}, {"name": "18850", "refsource": "BID", "url": "http://www.securityfocus.com/bid/18850"}, {"name": "20966", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20966"}, {"name": "20950", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20950"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T18:23:21.269Z"}, "title": "CVE Program Container", "references": [{"name": "21480", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/21480"}, {"name": "26995", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/26995"}, {"name": "DSA-1150", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2006/dsa-1150"}, {"name": "USN-308-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/usn-308-1"}, {"name": "18850", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/18850"}, {"name": "20966", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/20966"}, {"name": "20950", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/20950"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-3378", "datePublished": "2006-07-06T20:00:00", "dateReserved": "2006-07-06T00:00:00", "dateUpdated": "2024-08-07T18:23:21.269Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:5.04:*:amd64:*:*:*:*:*", "matchCriteriaId": "3BD12488-1ED8-4751-ABF5-3578D54750A8", "vulnerable": true}, {"criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:5.04:*:i386:*:*:*:*:*", "matchCriteriaId": "AE3733CF-4C88-443C-9B90-6477C9C500D0", "vulnerable": true}, {"criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:5.04:*:powerpc:*:*:*:*:*", "matchCriteriaId": "9C500A75-D75E-45B4-B582-0F0DF27C3C04", "vulnerable": true}, {"criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:5.10:*:amd64:*:*:*:*:*", "matchCriteriaId": "86FD134D-A5C5-4B08-962D-70CF07C74923", "vulnerable": true}, {"criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:5.10:*:i386:*:*:*:*:*", "matchCriteriaId": "FA84692E-F99D-4207-B4F2-799A6ADB88AD", "vulnerable": true}, {"criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:5.10:*:powerpc:*:*:*:*:*", "matchCriteriaId": "8B0F1091-4B76-44F5-B896-6D37E2F909A2", "vulnerable": true}, {"criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:5.10:*:sparc:*:*:*:*:*", "matchCriteriaId": "EF15862D-6108-4791-8817-622123C8D10C", "vulnerable": true}, {"criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:6.06_lts:*:amd64:*:*:*:*:*", "matchCriteriaId": "F1672825-AB87-4402-A628-B33AE5B7D4C8", "vulnerable": true}, {"criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:6.06_lts:*:i386:*:*:*:*:*", "matchCriteriaId": "939216D8-9E6C-419E-BC0A-EC7F0F29CE95", "vulnerable": true}, {"criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:6.06_lts:*:powerpc:*:*:*:*:*", "matchCriteriaId": "E520564E-964D-4758-945B-5EF0C35E605C", "vulnerable": true}, {"criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:6.06_lts:*:sparc:*:*:*:*:*", "matchCriteriaId": "2294D5A7-7B36-497A-B0F1-514BC49E1423", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "passwd command in shadow in Ubuntu 5.04 through 6.06 LTS, when called with the -f, -g, or -s flag, does not check the return code of a setuid call, which might allow local users to gain root privileges if setuid fails in cases such as PAM failures or resource limits."}, {"lang": "es", "value": "Comando passwd en shadow, en Ubuntu 5.04 through 6.06 LTS, cuando se pasa como par\u00e1metro \u2013f, -g o \u2013s, no comprueba el c\u00f3digo de retorno de una llamada seguid, lo que podr\u00eda provocar que usuarios locales obtuvieran privilegios de administrador (root) si seguid falla en casos como errores PAM o l\u00edmite de recursos."}], "id": "CVE-2006-3378", "lastModified": "2008-09-05T21:06:57.297", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-07-06T20:05:00.000", "references": [{"source": "cve@mitre.org", "url": "http://secunia.com/advisories/20950"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/20966"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/21480"}, {"source": "cve@mitre.org", "url": "http://www.debian.org/security/2006/dsa-1150"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/26995"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/18850"}, {"source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/usn-308-1"}], "sourceIdentifier": "cve@mitre.org", "vendorComments": [{"comment": "This issue affects the version of the passwd command from the shadow-utils package. Red Hat Enterprise Linux 2.1, 3, and 4 are not vulnerable to this issue.", "lastModified": "2006-08-16T00:00:00", "organization": "Red Hat"}], "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}