DEBIAN-CVE-2006-3378
- Source
- https://security-tracker.debian.org/tracker/CVE-2006-3378
- Import Source
- https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2006-3378.json
- JSON Data
- https://api.osv.dev/v1/vulns/DEBIAN-CVE-2006-3378
- Upstream
- Downstream
- Published
- 2006-07-06T20:05:00Z
- Modified
- 2025-11-19T01:04:40.624398Z
- Summary
- [none]
- Details
-
passwd command in shadow in Ubuntu 5.04 through 6.06 LTS, when called with the -f, -g, or -s flag, does not check the return code of a setuid call, which might allow local users to gain root privileges if setuid fails in cases such as PAM failures or resource limits.
- References
Affected packages
Debian:11 / shadow
Package
- Name
- shadow
- Purl
- pkg:deb/debian/shadow?arch=source
Debian:12 / shadow
Package
- Name
- shadow
- Purl
- pkg:deb/debian/shadow?arch=source
Debian:13 / shadow
Package
- Name
- shadow
- Purl
- pkg:deb/debian/shadow?arch=source
Debian:14 / shadow
Package
- Name
- shadow
- Purl
- pkg:deb/debian/shadow?arch=source