CVE-2002-0638

Published Aug 12, 2002

Last updated 8 years ago

Overview

Description: setpwnam.c in the util-linux package, as included in Red Hat Linux 7.3 and earlier, and other operating systems, does not properly lock a temporary file when modifying /etc/passwd, which may allow local users to gain privileges via a complex race condition that uses an open file descriptor in utility programs such as chfn and chsh.
Source: cve@mitre.org
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 6.2
Impact score: 10
Exploitability score: 1.9
Vector string: AV:L/AC:H/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: NVD-CWE-Other

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:mandrakesoft:mandrake_single_network_firewall:7.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7A188467-3856-4599-A2CD-BD2655974B63"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:hp:secure_os:1.0:*:linux:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B345284D-6842-47C0-B823-B5DDC30CC8A6"
          },
          {
            "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:7.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E4853E92-5E0A-47B9-A343-D5BEE87D2C27"
          },
          {
            "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:7.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3EC1FF5D-5EAB-44D5-B281-770547C70D68"
          },
          {
            "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:7.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0A8FBD5A-2FD0-43CD-AC4B-1D6984D336FE"
          },
          {
            "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:8.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4371A667-18E1-4C54-B2E1-6F885F22F213"
          },
          {
            "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:8.0:*:ppc:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5B28763D-8F4B-45E5-82FA-AB7E54C18EBF"
          },
          {
            "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:8.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "205EF72B-7334-4AE0-9CA6-D2E8E5910C8E"
          },
          {
            "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:8.1:*:ia64:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "613A22EC-D93C-48B0-B97C-3E0DDFBD0B62"
          },
          {
            "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:8.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DEB99324-3062-426F-8E2F-44DC3A7ADB2A"
          },
          {
            "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:1.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "97E09AD9-F057-4264-88BB-A8A18C1B1246"
          },
          {
            "criteria": "cpe:2.3:o:redhat:linux:6.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2DFA94D5-0139-490C-8257-0751FE9FBAE4"
          },
          {
            "criteria": "cpe:2.3:o:redhat:linux:6.0:*:alpha:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6931FB54-A163-4CE3-BBD9-D345AA0977A6"
          },
          {
            "criteria": "cpe:2.3:o:redhat:linux:6.0:*:sparc:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5ABD1331-277C-4C31-8186-978243C62255"
          },
          {
            "criteria": "cpe:2.3:o:redhat:linux:6.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2EC4D3AB-38FA-4D44-AF5C-2DCD15994E76"
          },
          {
            "criteria": "cpe:2.3:o:redhat:linux:6.1:*:alpha:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C89454B9-4F45-4A42-A06D-ED42D893C544"
          },
          {
            "criteria": "cpe:2.3:o:redhat:linux:6.1:*:sparc:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1E64093E-7D53-4238-95C3-48ED5A0FFD97"
          },
          {
            "criteria": "cpe:2.3:o:redhat:linux:6.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0633B5A6-7A88-4A96-9462-4C09D124ED36"
          },
          {
            "criteria": "cpe:2.3:o:redhat:linux:6.2:*:alpha:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "344610A8-DB6D-4407-9304-916C419F648C"
          },
          {
            "criteria": "cpe:2.3:o:redhat:linux:6.2:*:sparc:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "64775BEF-2E53-43CA-8639-A7E54F6F4222"
          },
          {
            "criteria": "cpe:2.3:o:redhat:linux:7.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "29B186E5-7C2F-466E-AA4A-8F2B618F8A14"
          },
          {
            "criteria": "cpe:2.3:o:redhat:linux:7.0:*:alpha:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FD6576E2-9F26-4857-9F28-F51899F1EF48"
          },
          {
            "criteria": "cpe:2.3:o:redhat:linux:7.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1D46E093-1C68-43BB-B281-12117EC8DE0F"
          },
          {
            "criteria": "cpe:2.3:o:redhat:linux:7.1:*:alpha:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7F3FAAB3-7A8A-42E5-9DCE-E4A843CED1B9"
          },
          {
            "criteria": "cpe:2.3:o:redhat:linux:7.1:*:ia64:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ED36543D-C21B-4B4B-A6AD-6E19B08B5DD7"
          },
          {
            "criteria": "cpe:2.3:o:redhat:linux:7.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E562907F-D915-4030-847A-3C6834A80D4E"
          },
          {
            "criteria": "cpe:2.3:o:redhat:linux:7.2:*:alpha:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6EAAC51F-9DC5-4026-8147-1B74975D6183"
          },
          {
            "criteria": "cpe:2.3:o:redhat:linux:7.2:*:ia64:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9D47D6FE-56A9-42CF-9A9B-AEE272C061F7"
          },
          {
            "criteria": "cpe:2.3:o:redhat:linux:7.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "138985E6-5107-4E8B-A801-C3D5FE075227"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References