[email protected]CVE-2002-0638

HistoryAug 12, 2002 - 4:00 a.m.

CVE-2002-0638

2002-08-1204:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2002-0638

util-linux

red hat linux 7.3

local privilege escalation

race condition

security vulnerability

6.6 Medium

AI Score

Confidence

Low

6.2 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:H/Au:N/C:C/I:C/A:C

0.004 Low

EPSS

Percentile

71.7%

JSON

setpwnam.c in the util-linux package, as included in Red Hat Linux 7.3 and earlier, and other operating systems, does not properly lock a temporary file when modifying /etc/passwd, which may allow local users to gain privileges via a complex race condition that uses an open file descriptor in utility programs such as chfn and chsh.

CPENameOperatorVersion
mandrakesoft:mandrake_single_network_firewallmandrakesoft mandrake single network firewalleq7.2
mandrakesoft:mandrake_linuxmandrakesoft mandrake linuxeq7.2
redhat:linuxredhat linuxeq6.1
mandrakesoft:mandrake_linuxmandrakesoft mandrake linuxeq8.2
redhat:linuxredhat linuxeq7.0
redhat:linuxredhat linuxeq6.2
mandrakesoft:mandrake_linuxmandrakesoft mandrake linuxeq7.0
redhat:linuxredhat linuxeq6.0
redhat:linuxredhat linuxeq7.2
mandrakesoft:mandrake_linuxmandrakesoft mandrake linuxeq8.1

CPE	Name	Operator	Version
mandrakesoft:mandrake_single_network_firewall	mandrakesoft mandrake single network firewall	eq	7.2
mandrakesoft:mandrake_linux	mandrakesoft mandrake linux	eq	7.2
redhat:linux	redhat linux	eq	6.1
mandrakesoft:mandrake_linux	mandrakesoft mandrake linux	eq	8.2
redhat:linux	redhat linux	eq	7.0
redhat:linux	redhat linux	eq	6.2
mandrakesoft:mandrake_linux	mandrakesoft mandrake linux	eq	7.0
redhat:linux	redhat linux	eq	6.0
redhat:linux	redhat linux	eq	7.2
mandrakesoft:mandrake_linux	mandrakesoft mandrake linux	eq	8.1

Rows per page:

1-10 of 161

References

ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-043.0.txt

archives.neohapsis.com/archives/bugtraq/2002-07/0357.html

archives.neohapsis.com/archives/bugtraq/2002-07/0396.html

distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000523

marc.info/?l=bugtraq&m=102795787713996&w=2

online.securityfocus.com/advisories/4320

rhn.redhat.com/errata/RHSA-2002-132.html

www.iss.net/security_center/static/9709.php

www.kb.cert.org/vuls/id/405955

www.linux-mandrake.com/en/security/2002/MDKSA-2002-047.php

www.osvdb.org/5164

www.redhat.com/support/errata/RHSA-2002-137.html

www.securityfocus.com/bid/5344

6.6 Medium

AI Score

Confidence

Low

6.2 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:H/Au:N/C:C/I:C/A:C

0.004 Low

EPSS

Percentile

71.7%

JSON

Related for CVE-2002-0638

securityvulns1 nessus2 cert1