Andries Brouwer Util-linux — known CVE vulnerabilities
Every CVE whose affected-product data names Andries Brouwer Util-linux, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (6)
CVE-2001-1147 — CVSS 7.2 (high): The PAM implementation in /bin/login of the util-linux package before 2.11 causes a password entry to be rewritten across multiple PAM…
CVE-2001-1175 — CVSS 7.2 (high): vipw in the util-linux package before 2.10 causes /etc/shadow to be world-readable in some cases, which would make it easier for local…
CVE-2005-2876 — CVSS 7.2 (high): umount in util-linux 2.8 to 2.12q, 2.13-pre1, and 2.13-pre2, and other packages such as loop-aes-utils, allows local users with unmount…
CVE-2003-0094 — CVSS 5.0 (medium): A patch for mcookie in the util-linux package for Mandrake Linux 8.2 and 9.0 uses /dev/urandom instead of /dev/random, which causes mcookie…
CVE-2004-0080 — CVSS 5.0 (medium): The login program in util-linux 2.11 and earlier uses a pointer after it has been freed and reallocated, which could cause login to leak…
CVE-2006-7108 — CVSS 4.1 (medium): login in util-linux-2.12a skips pam_acct_mgmt and chauth_tok when authentication is skipped, such as when a Kerberos krlogin session has…