Ubuntu Security Notice (C) 2006-2013 Canonical, Inc. / NASL script (C) 2007-2013 Tenable Network Security, Inc.
The remote Ubuntu host is missing one or more security-related patches.
Ilja van Sprundel discovered that passwd, when called with the -f, -g,
or -s option, did not check the result of the setuid() call. On
systems that configure PAM limits for the maximum number of user
processes, a local attacker could exploit this to execute chfn,
gpasswd, or chsh with root privileges.
This does not affect the default configuration of Ubuntu.
Update the affected login and / or passwd packages.
Risk factor :
High / CVSS Base Score : 7.2
Family: Ubuntu Local Security Checks
Nessus Plugin ID: 27883 ()
CVE ID: CVE-2006-3378