CVE-2006-3378

NameCVE-2006-3378
Descriptionpasswd command in shadow in Ubuntu 5.04 through 6.06 LTS, when called with the -f, -g, or -s flag, does not check the return code of a setuid call, which might allow local users to gain root privileges if setuid fails in cases such as PAM failures or resource limits.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
ReferencesDSA-1150-1
NVD severityhigh (attack range: local)
Debian Bugs379174

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
shadow (PTS)wheezy1:4.1.5.1-1fixed
wheezy (security)1:4.1.5.1-1+deb7u1fixed
jessie (security), jessie1:4.2-3+deb8u4fixed
stretch1:4.4-4.1fixed
buster, sid1:4.5-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
shadowsource(unstable)1:4.0.14-1high379174
shadowsourcesarge1:4.0.3-31sarge8highDSA-1150-1

Search for package or bug name: Reporting problems