Lucene search

[email protected]CVE-2002-1669

HistoryJun 21, 2005 - 4:00 a.m.

CVE-2002-1669

2005-06-2104:00:00

[email protected]

web.nvd.nist.gov

cve-2002-1669

pkg_add

freebsd

security

vulnerability

nvd

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

6.6 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

pkg_add in FreeBSD 4.2 through 4.4 creates a temporary directory with world-searchable permissions, which may allow local users to modify world-writable parts of the package during installation.

Affected configurations

NVD

Node

freebsdfreebsdMatch4.2

freebsdfreebsdMatch4.3

freebsdfreebsdMatch4.4

CPENameOperatorVersion
freebsd:freebsdfreebsdeq4.2
freebsd:freebsdfreebsdeq4.3
freebsd:freebsdfreebsdeq4.4

CPE	Name	Operator	Version
freebsd:freebsd	freebsd	eq	4.2
freebsd:freebsd	freebsd	eq	4.3
freebsd:freebsd	freebsd	eq	4.4

References

ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:01.pkg_add.asc

www.securityfocus.com/bid/3819

exchange.xforce.ibmcloud.com/vulnerabilities/7852

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

6.6 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2002-1669

nvd1 cvelist1