CVE-2002-0638 - Vulnerability Details

Vendors	Products
Hp	Secure Os
Mandrakesoft	Mandrake Linux Mandrake Linux Corporate Server Mandrake Single Network Firewall
Redhat	Enterprise Linux Linux

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux AS (Advanced Server) version 2.1
	cpe:/o:redhat:enterprise_linux:2.1	RHSA-2002:137	2002-07-29T00:00:00Z
Red Hat Linux 6.2
	cpe:/o:redhat:linux:6.2	RHSA-2002:132	2002-07-29T00:00:00Z
Red Hat Linux 7.0
	cpe:/o:redhat:linux:7.0	RHSA-2002:132	2002-07-29T00:00:00Z
Red Hat Linux 7.1
	cpe:/o:redhat:linux:7.1	RHSA-2002:132	2002-07-29T00:00:00Z
Red Hat Linux 7.2
	cpe:/o:redhat:linux:7.2	RHSA-2002:132	2002-07-29T00:00:00Z
Red Hat Linux 7.3
	cpe:/o:redhat:linux:7.3	RHSA-2002:132	2002-07-29T00:00:00Z

Link	Providers
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-043.0.txt
http://archives.neohapsis.com/archives/bugtraq/2002-07/0357.html
http://archives.neohapsis.com/archives/bugtraq/2002-07/0396.html
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000523
http://marc.info/?l=bugtraq&m=102795787713996&w=2
http://online.securityfocus.com/advisories/4320
http://rhn.redhat.com/errata/RHSA-2002-132.html
http://www.iss.net/security_center/static/9709.php
http://www.kb.cert.org/vuls/id/405955
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-047.php
http://www.osvdb.org/5164
http://www.redhat.com/support/errata/RHSA-2002-137.html
http://www.securityfocus.com/bid/5344
https://nvd.nist.gov/vuln/detail/CVE-2002-0638
https://www.cve.org/CVERecord?id=CVE-2002-0638

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2002-07-29T00:00:00", "descriptions": [{"lang": "en", "value": "setpwnam.c in the util-linux package, as included in Red Hat Linux 7.3 and earlier, and other operating systems, does not properly lock a temporary file when modifying /etc/passwd, which may allow local users to gain privileges via a complex race condition that uses an open file descriptor in utility programs such as chfn and chsh."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2003-03-21T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "CSSA-2002-043.0", "tags": ["vendor-advisory", "x_refsource_CALDERA"], "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-043.0.txt"}, {"name": "5344", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/5344"}, {"name": "utillinux-chfn-race-condition(9709)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "http://www.iss.net/security_center/static/9709.php"}, {"name": "MDKSA-2002:047", "tags": ["vendor-advisory", "x_refsource_MANDRAKE"], "url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-047.php"}, {"name": "RHSA-2002:132", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2002-132.html"}, {"name": "VU#405955", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/405955"}, {"name": "20020729 [VulnWatch] RAZOR advisory: Linux util-linux chfn local root vulnerability", "tags": ["mailing-list", "x_refsource_VULNWATCH"], "url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0357.html"}, {"name": "CLA-2002:523", "tags": ["vendor-advisory", "x_refsource_CONECTIVA"], "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000523"}, {"name": "HPSBTL0207-054", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://online.securityfocus.com/advisories/4320"}, {"name": "20020730 TSLSA-2002-0064 - util-linux", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0396.html"}, {"name": "20020729 RAZOR advisory: Linux util-linux chfn local root vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://marc.info/?l=bugtraq&m=102795787713996&w=2"}, {"name": "RHSA-2002:137", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2002-137.html"}, {"name": "5164", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/5164"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2002-0638", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "setpwnam.c in the util-linux package, as included in Red Hat Linux 7.3 and earlier, and other operating systems, does not properly lock a temporary file when modifying /etc/passwd, which may allow local users to gain privileges via a complex race condition that uses an open file descriptor in utility programs such as chfn and chsh."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "CSSA-2002-043.0", "refsource": "CALDERA", "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-043.0.txt"}, {"name": "5344", "refsource": "BID", "url": "http://www.securityfocus.com/bid/5344"}, {"name": "utillinux-chfn-race-condition(9709)", "refsource": "XF", "url": "http://www.iss.net/security_center/static/9709.php"}, {"name": "MDKSA-2002:047", "refsource": "MANDRAKE", "url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-047.php"}, {"name": "RHSA-2002:132", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2002-132.html"}, {"name": "VU#405955", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/405955"}, {"name": "20020729 [VulnWatch] RAZOR advisory: Linux util-linux chfn local root vulnerability", "refsource": "VULNWATCH", "url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0357.html"}, {"name": "CLA-2002:523", "refsource": "CONECTIVA", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000523"}, {"name": "HPSBTL0207-054", "refsource": "HP", "url": "http://online.securityfocus.com/advisories/4320"}, {"name": "20020730 TSLSA-2002-0064 - util-linux", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0396.html"}, {"name": "20020729 RAZOR advisory: Linux util-linux chfn local root vulnerability", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq&m=102795787713996&w=2"}, {"name": "RHSA-2002:137", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2002-137.html"}, {"name": "5164", "refsource": "OSVDB", "url": "http://www.osvdb.org/5164"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-08T02:56:38.516Z"}, "title": "CVE Program Container", "references": [{"name": "CSSA-2002-043.0", "tags": ["vendor-advisory", "x_refsource_CALDERA", "x_transferred"], "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-043.0.txt"}, {"name": "5344", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/5344"}, {"name": "utillinux-chfn-race-condition(9709)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "http://www.iss.net/security_center/static/9709.php"}, {"name": "MDKSA-2002:047", "tags": ["vendor-advisory", "x_refsource_MANDRAKE", "x_transferred"], "url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-047.php"}, {"name": "RHSA-2002:132", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2002-132.html"}, {"name": "VU#405955", "tags": ["third-party-advisory", "x_refsource_CERT-VN", "x_transferred"], "url": "http://www.kb.cert.org/vuls/id/405955"}, {"name": "20020729 [VulnWatch] RAZOR advisory: Linux util-linux chfn local root vulnerability", "tags": ["mailing-list", "x_refsource_VULNWATCH", "x_transferred"], "url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0357.html"}, {"name": "CLA-2002:523", "tags": ["vendor-advisory", "x_refsource_CONECTIVA", "x_transferred"], "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000523"}, {"name": "HPSBTL0207-054", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://online.securityfocus.com/advisories/4320"}, {"name": "20020730 TSLSA-2002-0064 - util-linux", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0396.html"}, {"name": "20020729 RAZOR advisory: Linux util-linux chfn local root vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=102795787713996&w=2"}, {"name": "RHSA-2002:137", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2002-137.html"}, {"name": "5164", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/5164"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2002-0638", "datePublished": "2003-04-02T05:00:00", "dateReserved": "2002-06-27T00:00:00", "dateUpdated": "2024-08-08T02:56:38.516Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : n/a (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : n/a (string)

}

]

}

]

datePublic : 2002-07-29T00:00:00 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : setpwnam.c in the util-linux package, as included in Red Hat Linux 7.3 and earlier, and other operating systems, does not properly lock a temporary file when modifying /etc/passwd, which may allow local users to gain privileges via a complex race condition that uses an open file descriptor in utility programs such as chfn and chsh. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : n/a (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2003-03-21T00:00:00 (string)

orgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

shortName : mitre (string)

}

references : [ »

0 : { »

name : CSSA-2002-043.0 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_CALDERA (string)

]

url : ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-043.0.txt (string)

}

1 : { »

name : 5344 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_BID (string)

]

url : http://www.securityfocus.com/bid/5344 (string)

}

2 : { »

name : utillinux-chfn-race-condition(9709) (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_XF (string)

]

url : http://www.iss.net/security_center/static/9709.php (string)

}

3 : { »

name : MDKSA-2002:047 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_MANDRAKE (string)

]

url : http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-047.php (string)

}

4 : { »

name : RHSA-2002:132 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

]

url : http://rhn.redhat.com/errata/RHSA-2002-132.html (string)

}

5 : { »

name : VU#405955 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_CERT-VN (string)

]

url : http://www.kb.cert.org/vuls/id/405955 (string)

}

6 : { »

name : 20020729 [VulnWatch] RAZOR advisory: Linux util-linux chfn local root vulnerability (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_VULNWATCH (string)

]

url : http://archives.neohapsis.com/archives/bugtraq/2002-07/0357.html (string)

}

7 : { »

name : CLA-2002:523 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_CONECTIVA (string)

]

url : http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000523 (string)

}

8 : { »

name : HPSBTL0207-054 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_HP (string)

]

url : http://online.securityfocus.com/advisories/4320 (string)

}

9 : { »

name : 20020730 TSLSA-2002-0064 - util-linux (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_BUGTRAQ (string)

]

url : http://archives.neohapsis.com/archives/bugtraq/2002-07/0396.html (string)

}

10 : { »

name : 20020729 RAZOR advisory: Linux util-linux chfn local root vulnerability (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_BUGTRAQ (string)

]

url : http://marc.info/?l=bugtraq&m=102795787713996&w=2 (string)

}

11 : { »

name : RHSA-2002:137 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

]

url : http://www.redhat.com/support/errata/RHSA-2002-137.html (string)

}

12 : { »

name : 5164 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_OSVDB (string)

]

url : http://www.osvdb.org/5164 (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : cve@mitre.org (string)

ID : CVE-2002-0638 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : n/a (string)

version : { »

version_data : [ »

0 : { »

version_value : n/a (string)

}

]

}

]

}

vendor_name : n/a (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : setpwnam.c in the util-linux package, as included in Red Hat Linux 7.3 and earlier, and other operating systems, does not properly lock a temporary file when modifying /etc/passwd, which may allow local users to gain privileges via a complex race condition that uses an open file descriptor in utility programs such as chfn and chsh. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : n/a (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : CSSA-2002-043.0 (string)

refsource : CALDERA (string)

url : ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-043.0.txt (string)

}

1 : { »

name : 5344 (string)

refsource : BID (string)

url : http://www.securityfocus.com/bid/5344 (string)

}

2 : { »

name : utillinux-chfn-race-condition(9709) (string)

refsource : XF (string)

url : http://www.iss.net/security_center/static/9709.php (string)

}

3 : { »

name : MDKSA-2002:047 (string)

refsource : MANDRAKE (string)

url : http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-047.php (string)

}

4 : { »

name : RHSA-2002:132 (string)

refsource : REDHAT (string)

url : http://rhn.redhat.com/errata/RHSA-2002-132.html (string)

}

5 : { »

name : VU#405955 (string)

refsource : CERT-VN (string)

url : http://www.kb.cert.org/vuls/id/405955 (string)

}

6 : { »

name : 20020729 [VulnWatch] RAZOR advisory: Linux util-linux chfn local root vulnerability (string)

refsource : VULNWATCH (string)

url : http://archives.neohapsis.com/archives/bugtraq/2002-07/0357.html (string)

}

7 : { »

name : CLA-2002:523 (string)

refsource : CONECTIVA (string)

url : http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000523 (string)

}

8 : { »

name : HPSBTL0207-054 (string)

refsource : HP (string)

url : http://online.securityfocus.com/advisories/4320 (string)

}

9 : { »

name : 20020730 TSLSA-2002-0064 - util-linux (string)

refsource : BUGTRAQ (string)

url : http://archives.neohapsis.com/archives/bugtraq/2002-07/0396.html (string)

}

10 : { »

name : 20020729 RAZOR advisory: Linux util-linux chfn local root vulnerability (string)

refsource : BUGTRAQ (string)

url : http://marc.info/?l=bugtraq&m=102795787713996&w=2 (string)

}

11 : { »

name : RHSA-2002:137 (string)

refsource : REDHAT (string)

url : http://www.redhat.com/support/errata/RHSA-2002-137.html (string)

}

12 : { »

name : 5164 (string)

refsource : OSVDB (string)

url : http://www.osvdb.org/5164 (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-08T02:56:38.516Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

name : CSSA-2002-043.0 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_CALDERA (string)

2 : x_transferred (string)

]

url : ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-043.0.txt (string)

}

1 : { »

name : 5344 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_BID (string)

2 : x_transferred (string)

]

url : http://www.securityfocus.com/bid/5344 (string)

}

2 : { »

name : utillinux-chfn-race-condition(9709) (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_XF (string)

2 : x_transferred (string)

]

url : http://www.iss.net/security_center/static/9709.php (string)

}

3 : { »

name : MDKSA-2002:047 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_MANDRAKE (string)

2 : x_transferred (string)

]

url : http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-047.php (string)

}

4 : { »

name : RHSA-2002:132 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

2 : x_transferred (string)

]

url : http://rhn.redhat.com/errata/RHSA-2002-132.html (string)

}

5 : { »

name : VU#405955 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_CERT-VN (string)

2 : x_transferred (string)

]

url : http://www.kb.cert.org/vuls/id/405955 (string)

}

6 : { »

name : 20020729 [VulnWatch] RAZOR advisory: Linux util-linux chfn local root vulnerability (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_VULNWATCH (string)

2 : x_transferred (string)

]

url : http://archives.neohapsis.com/archives/bugtraq/2002-07/0357.html (string)

}

7 : { »

name : CLA-2002:523 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_CONECTIVA (string)

2 : x_transferred (string)

]

url : http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000523 (string)

}

8 : { »

name : HPSBTL0207-054 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_HP (string)

2 : x_transferred (string)

]

url : http://online.securityfocus.com/advisories/4320 (string)

}

9 : { »

name : 20020730 TSLSA-2002-0064 - util-linux (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_BUGTRAQ (string)

2 : x_transferred (string)

]

url : http://archives.neohapsis.com/archives/bugtraq/2002-07/0396.html (string)

}

10 : { »

name : 20020729 RAZOR advisory: Linux util-linux chfn local root vulnerability (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_BUGTRAQ (string)

2 : x_transferred (string)

]

url : http://marc.info/?l=bugtraq&m=102795787713996&w=2 (string)

}

11 : { »

name : RHSA-2002:137 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

2 : x_transferred (string)

]

url : http://www.redhat.com/support/errata/RHSA-2002-137.html (string)

}

12 : { »

name : 5164 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_OSVDB (string)

2 : x_transferred (string)

]

url : http://www.osvdb.org/5164 (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

assignerShortName : mitre (string)

cveId : CVE-2002-0638 (string)

datePublished : 2003-04-02T05:00:00 (string)

dateReserved : 2002-06-27T00:00:00 (string)

dateUpdated : 2024-08-08T02:56:38.516Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mandrakesoft:mandrake_single_network_firewall:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "7A188467-3856-4599-A2CD-BD2655974B63", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:hp:secure_os:1.0:*:linux:*:*:*:*:*", "matchCriteriaId": "B345284D-6842-47C0-B823-B5DDC30CC8A6", "vulnerable": true}, {"criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "E4853E92-5E0A-47B9-A343-D5BEE87D2C27", "vulnerable": true}, {"criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "3EC1FF5D-5EAB-44D5-B281-770547C70D68", "vulnerable": true}, {"criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "0A8FBD5A-2FD0-43CD-AC4B-1D6984D336FE", "vulnerable": true}, {"criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "4371A667-18E1-4C54-B2E1-6F885F22F213", "vulnerable": true}, {"criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:8.0:*:ppc:*:*:*:*:*", "matchCriteriaId": "5B28763D-8F4B-45E5-82FA-AB7E54C18EBF", "vulnerable": true}, {"criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:8.1:*:*:*:*:*:*:*", "matchCriteriaId": "205EF72B-7334-4AE0-9CA6-D2E8E5910C8E", "vulnerable": true}, {"criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:8.1:*:ia64:*:*:*:*:*", "matchCriteriaId": "613A22EC-D93C-48B0-B97C-3E0DDFBD0B62", "vulnerable": true}, {"criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:8.2:*:*:*:*:*:*:*", "matchCriteriaId": "DEB99324-3062-426F-8E2F-44DC3A7ADB2A", "vulnerable": true}, {"criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "97E09AD9-F057-4264-88BB-A8A18C1B1246", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:linux:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "2DFA94D5-0139-490C-8257-0751FE9FBAE4", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:linux:6.0:*:alpha:*:*:*:*:*", "matchCriteriaId": "6931FB54-A163-4CE3-BBD9-D345AA0977A6", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:linux:6.0:*:sparc:*:*:*:*:*", "matchCriteriaId": "5ABD1331-277C-4C31-8186-978243C62255", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:linux:6.1:*:*:*:*:*:*:*", "matchCriteriaId": "2EC4D3AB-38FA-4D44-AF5C-2DCD15994E76", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:linux:6.1:*:alpha:*:*:*:*:*", "matchCriteriaId": "C89454B9-4F45-4A42-A06D-ED42D893C544", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:linux:6.1:*:sparc:*:*:*:*:*", "matchCriteriaId": "1E64093E-7D53-4238-95C3-48ED5A0FFD97", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:linux:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "0633B5A6-7A88-4A96-9462-4C09D124ED36", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:linux:6.2:*:alpha:*:*:*:*:*", "matchCriteriaId": "344610A8-DB6D-4407-9304-916C419F648C", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:linux:6.2:*:sparc:*:*:*:*:*", "matchCriteriaId": "64775BEF-2E53-43CA-8639-A7E54F6F4222", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "29B186E5-7C2F-466E-AA4A-8F2B618F8A14", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:linux:7.0:*:alpha:*:*:*:*:*", "matchCriteriaId": "FD6576E2-9F26-4857-9F28-F51899F1EF48", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:linux:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "1D46E093-1C68-43BB-B281-12117EC8DE0F", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:linux:7.1:*:alpha:*:*:*:*:*", "matchCriteriaId": "7F3FAAB3-7A8A-42E5-9DCE-E4A843CED1B9", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:linux:7.1:*:ia64:*:*:*:*:*", "matchCriteriaId": "ED36543D-C21B-4B4B-A6AD-6E19B08B5DD7", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:linux:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "E562907F-D915-4030-847A-3C6834A80D4E", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:linux:7.2:*:alpha:*:*:*:*:*", "matchCriteriaId": "6EAAC51F-9DC5-4026-8147-1B74975D6183", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:linux:7.2:*:ia64:*:*:*:*:*", "matchCriteriaId": "9D47D6FE-56A9-42CF-9A9B-AEE272C061F7", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:linux:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "138985E6-5107-4E8B-A801-C3D5FE075227", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "setpwnam.c in the util-linux package, as included in Red Hat Linux 7.3 and earlier, and other operating systems, does not properly lock a temporary file when modifying /etc/passwd, which may allow local users to gain privileges via a complex race condition that uses an open file descriptor in utility programs such as chfn and chsh."}, {"lang": "es", "value": "setpwnam.c en el paquete util-linux, como se incluye en Red Hat Linux 7.3 y antieriores, y en otros sistemas operativos, no bloquea adecuadamente un fichero temporal cuando se modifica /etc/passwd, lo que puede permitir a usuarios locales ganar privilegios mediante una compleja condici\u00f3n de carrera que usa un descriptor de fichero abierto en utilidades como chfn y chsh."}], "id": "CVE-2002-0638", "lastModified": "2025-04-03T01:03:51.193", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "HIGH", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 1.9, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2002-08-12T04:00:00.000", "references": [{"source": "cve@mitre.org", "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-043.0.txt"}, {"source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0357.html"}, {"source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0396.html"}, {"source": "cve@mitre.org", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000523"}, {"source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq&m=102795787713996&w=2"}, {"source": "cve@mitre.org", "url": "http://online.securityfocus.com/advisories/4320"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2002-132.html"}, {"source": "cve@mitre.org", "url": "http://www.iss.net/security_center/static/9709.php"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory", "US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/405955"}, {"source": "cve@mitre.org", "url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-047.php"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/5164"}, {"source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2002-137.html"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/5344"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-043.0.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0357.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0396.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000523"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq&m=102795787713996&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://online.securityfocus.com/advisories/4320"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2002-132.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.iss.net/security_center/static/9709.php"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory", "US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/405955"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-047.php"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/5164"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2002-137.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/5344"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:mandrakesoft:mandrake_single_network_firewall:7.2:*:*:*:*:*:*:* (string)

matchCriteriaId : 7A188467-3856-4599-A2CD-BD2655974B63 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

1 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:hp:secure_os:1.0:*:linux:*:*:*:*:* (string)

matchCriteriaId : B345284D-6842-47C0-B823-B5DDC30CC8A6 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:o:mandrakesoft:mandrake_linux:7.0:*:*:*:*:*:*:* (string)

matchCriteriaId : E4853E92-5E0A-47B9-A343-D5BEE87D2C27 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:o:mandrakesoft:mandrake_linux:7.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 3EC1FF5D-5EAB-44D5-B281-770547C70D68 (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:o:mandrakesoft:mandrake_linux:7.2:*:*:*:*:*:*:* (string)

matchCriteriaId : 0A8FBD5A-2FD0-43CD-AC4B-1D6984D336FE (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:o:mandrakesoft:mandrake_linux:8.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 4371A667-18E1-4C54-B2E1-6F885F22F213 (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:o:mandrakesoft:mandrake_linux:8.0:*:ppc:*:*:*:*:* (string)

matchCriteriaId : 5B28763D-8F4B-45E5-82FA-AB7E54C18EBF (string)

vulnerable : true (boolean)

}

6 : { »

criteria : cpe:2.3:o:mandrakesoft:mandrake_linux:8.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 205EF72B-7334-4AE0-9CA6-D2E8E5910C8E (string)

vulnerable : true (boolean)

}

7 : { »

criteria : cpe:2.3:o:mandrakesoft:mandrake_linux:8.1:*:ia64:*:*:*:*:* (string)

matchCriteriaId : 613A22EC-D93C-48B0-B97C-3E0DDFBD0B62 (string)

vulnerable : true (boolean)

}

8 : { »

criteria : cpe:2.3:o:mandrakesoft:mandrake_linux:8.2:*:*:*:*:*:*:* (string)

matchCriteriaId : DEB99324-3062-426F-8E2F-44DC3A7ADB2A (string)

vulnerable : true (boolean)

}

9 : { »

criteria : cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:1.0.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 97E09AD9-F057-4264-88BB-A8A18C1B1246 (string)

vulnerable : true (boolean)

}

10 : { »

criteria : cpe:2.3:o:redhat:linux:6.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 2DFA94D5-0139-490C-8257-0751FE9FBAE4 (string)

vulnerable : true (boolean)

}

11 : { »

criteria : cpe:2.3:o:redhat:linux:6.0:*:alpha:*:*:*:*:* (string)

matchCriteriaId : 6931FB54-A163-4CE3-BBD9-D345AA0977A6 (string)

vulnerable : true (boolean)

}

12 : { »

criteria : cpe:2.3:o:redhat:linux:6.0:*:sparc:*:*:*:*:* (string)

matchCriteriaId : 5ABD1331-277C-4C31-8186-978243C62255 (string)

vulnerable : true (boolean)

}

13 : { »

criteria : cpe:2.3:o:redhat:linux:6.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 2EC4D3AB-38FA-4D44-AF5C-2DCD15994E76 (string)

vulnerable : true (boolean)

}

14 : { »

criteria : cpe:2.3:o:redhat:linux:6.1:*:alpha:*:*:*:*:* (string)

matchCriteriaId : C89454B9-4F45-4A42-A06D-ED42D893C544 (string)

vulnerable : true (boolean)

}

15 : { »

criteria : cpe:2.3:o:redhat:linux:6.1:*:sparc:*:*:*:*:* (string)

matchCriteriaId : 1E64093E-7D53-4238-95C3-48ED5A0FFD97 (string)

vulnerable : true (boolean)

}

16 : { »

criteria : cpe:2.3:o:redhat:linux:6.2:*:*:*:*:*:*:* (string)

matchCriteriaId : 0633B5A6-7A88-4A96-9462-4C09D124ED36 (string)

vulnerable : true (boolean)

}

17 : { »

criteria : cpe:2.3:o:redhat:linux:6.2:*:alpha:*:*:*:*:* (string)

matchCriteriaId : 344610A8-DB6D-4407-9304-916C419F648C (string)

vulnerable : true (boolean)

}

18 : { »

criteria : cpe:2.3:o:redhat:linux:6.2:*:sparc:*:*:*:*:* (string)

matchCriteriaId : 64775BEF-2E53-43CA-8639-A7E54F6F4222 (string)

vulnerable : true (boolean)

}

19 : { »

criteria : cpe:2.3:o:redhat:linux:7.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 29B186E5-7C2F-466E-AA4A-8F2B618F8A14 (string)

vulnerable : true (boolean)

}

20 : { »

criteria : cpe:2.3:o:redhat:linux:7.0:*:alpha:*:*:*:*:* (string)

matchCriteriaId : FD6576E2-9F26-4857-9F28-F51899F1EF48 (string)

vulnerable : true (boolean)

}

21 : { »

criteria : cpe:2.3:o:redhat:linux:7.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 1D46E093-1C68-43BB-B281-12117EC8DE0F (string)

vulnerable : true (boolean)

}

22 : { »

criteria : cpe:2.3:o:redhat:linux:7.1:*:alpha:*:*:*:*:* (string)

matchCriteriaId : 7F3FAAB3-7A8A-42E5-9DCE-E4A843CED1B9 (string)

vulnerable : true (boolean)

}

23 : { »

criteria : cpe:2.3:o:redhat:linux:7.1:*:ia64:*:*:*:*:* (string)

matchCriteriaId : ED36543D-C21B-4B4B-A6AD-6E19B08B5DD7 (string)

vulnerable : true (boolean)

}

24 : { »

criteria : cpe:2.3:o:redhat:linux:7.2:*:*:*:*:*:*:* (string)

matchCriteriaId : E562907F-D915-4030-847A-3C6834A80D4E (string)

vulnerable : true (boolean)

}

25 : { »

criteria : cpe:2.3:o:redhat:linux:7.2:*:alpha:*:*:*:*:* (string)

matchCriteriaId : 6EAAC51F-9DC5-4026-8147-1B74975D6183 (string)

vulnerable : true (boolean)

}

26 : { »

criteria : cpe:2.3:o:redhat:linux:7.2:*:ia64:*:*:*:*:* (string)

matchCriteriaId : 9D47D6FE-56A9-42CF-9A9B-AEE272C061F7 (string)

vulnerable : true (boolean)

}

27 : { »

criteria : cpe:2.3:o:redhat:linux:7.3:*:*:*:*:*:*:* (string)

matchCriteriaId : 138985E6-5107-4E8B-A801-C3D5FE075227 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

cveTags : [ *empty* ]

descriptions : [ »

0 : { »

lang : en (string)

value : setpwnam.c in the util-linux package, as included in Red Hat Linux 7.3 and earlier, and other operating systems, does not properly lock a temporary file when modifying /etc/passwd, which may allow local users to gain privileges via a complex race condition that uses an open file descriptor in utility programs such as chfn and chsh. (string)

}

1 : { »

lang : es (string)

value : setpwnam.c en el paquete util-linux, como se incluye en Red Hat Linux 7.3 y antieriores, y en otros sistemas operativos, no bloquea adecuadamente un fichero temporal cuando se modifica /etc/passwd, lo que puede permitir a usuarios locales ganar privilegios mediante una compleja condición de carrera que usa un descriptor de fichero abierto en utilidades como chfn y chsh. (string)

}

]

id : CVE-2002-0638 (string)

lastModified : 2025-04-03T01:03:51.193 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : MEDIUM (string)

cvssData : { »

accessComplexity : HIGH (string)

accessVector : LOCAL (string)

authentication : NONE (string)

availabilityImpact : COMPLETE (string)

baseScore : 6.2 (number)

confidentialityImpact : COMPLETE (string)

integrityImpact : COMPLETE (string)

vectorString : AV:L/AC:H/Au:N/C:C/I:C/A:C (string)

version : 2.0 (string)

}

exploitabilityScore : 1.9 (number)

impactScore : 10 (number)

obtainAllPrivilege : true (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

}

published : 2002-08-12T04:00:00.000 (string)

references : [ »

0 : { »

source : cve@mitre.org (string)

url : ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-043.0.txt (string)

}

1 : { »

source : cve@mitre.org (string)

url : http://archives.neohapsis.com/archives/bugtraq/2002-07/0357.html (string)

}

2 : { »

source : cve@mitre.org (string)

url : http://archives.neohapsis.com/archives/bugtraq/2002-07/0396.html (string)

}

3 : { »

source : cve@mitre.org (string)

url : http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000523 (string)

}

4 : { »

source : cve@mitre.org (string)

url : http://marc.info/?l=bugtraq&m=102795787713996&w=2 (string)

}

5 : { »

source : cve@mitre.org (string)

url : http://online.securityfocus.com/advisories/4320 (string)

}

6 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Patch (string)

1 : Vendor Advisory (string)

]

url : http://rhn.redhat.com/errata/RHSA-2002-132.html (string)

}

7 : { »

source : cve@mitre.org (string)

url : http://www.iss.net/security_center/static/9709.php (string)

}

8 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Patch (string)

1 : Third Party Advisory (string)

2 : US Government Resource (string)

]

url : http://www.kb.cert.org/vuls/id/405955 (string)

}

9 : { »

source : cve@mitre.org (string)

url : http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-047.php (string)

}

10 : { »

source : cve@mitre.org (string)

url : http://www.osvdb.org/5164 (string)

}

11 : { »

source : cve@mitre.org (string)

url : http://www.redhat.com/support/errata/RHSA-2002-137.html (string)

}

12 : { »

source : cve@mitre.org (string)

url : http://www.securityfocus.com/bid/5344 (string)

}

13 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-043.0.txt (string)

}

14 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://archives.neohapsis.com/archives/bugtraq/2002-07/0357.html (string)

}

15 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://archives.neohapsis.com/archives/bugtraq/2002-07/0396.html (string)

}

16 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000523 (string)

}

17 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://marc.info/?l=bugtraq&m=102795787713996&w=2 (string)

}

18 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://online.securityfocus.com/advisories/4320 (string)

}

19 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

1 : Vendor Advisory (string)

]

url : http://rhn.redhat.com/errata/RHSA-2002-132.html (string)

}

20 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.iss.net/security_center/static/9709.php (string)

}

21 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

1 : Third Party Advisory (string)

2 : US Government Resource (string)

]

url : http://www.kb.cert.org/vuls/id/405955 (string)

}

22 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-047.php (string)

}

23 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.osvdb.org/5164 (string)

}

24 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.redhat.com/support/errata/RHSA-2002-137.html (string)

}

25 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.securityfocus.com/bid/5344 (string)

}

]

sourceIdentifier : cve@mitre.org (string)

vulnStatus : Deferred (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : NVD-CWE-Other (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Show plain JSON

{"affected_release": [{"advisory": "RHSA-2002:137", "cpe": "cpe:/o:redhat:enterprise_linux:2.1", "product_name": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1", "release_date": "2002-07-29T00:00:00Z"}, {"advisory": "RHSA-2002:132", "cpe": "cpe:/o:redhat:linux:6.2", "product_name": "Red Hat Linux 6.2", "release_date": "2002-07-29T00:00:00Z"}, {"advisory": "RHSA-2002:132", "cpe": "cpe:/o:redhat:linux:7.0", "product_name": "Red Hat Linux 7.0", "release_date": "2002-07-29T00:00:00Z"}, {"advisory": "RHSA-2002:132", "cpe": "cpe:/o:redhat:linux:7.1", "product_name": "Red Hat Linux 7.1", "release_date": "2002-07-29T00:00:00Z"}, {"advisory": "RHSA-2002:132", "cpe": "cpe:/o:redhat:linux:7.2", "product_name": "Red Hat Linux 7.2", "release_date": "2002-07-29T00:00:00Z"}, {"advisory": "RHSA-2002:132", "cpe": "cpe:/o:redhat:linux:7.3", "product_name": "Red Hat Linux 7.3", "release_date": "2002-07-29T00:00:00Z"}], "bugzilla": {"description": "security flaw", "id": "1616783", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616783"}, "csaw": false, "details": ["setpwnam.c in the util-linux package, as included in Red Hat Linux 7.3 and earlier, and other operating systems, does not properly lock a temporary file when modifying /etc/passwd, which may allow local users to gain privileges via a complex race condition that uses an open file descriptor in utility programs such as chfn and chsh."], "name": "CVE-2002-0638", "public_date": "2002-07-29T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2002-0638\nhttps://nvd.nist.gov/vuln/detail/CVE-2002-0638"], "threat_severity": "Moderate"}

{

affected_release : [ »

0 : { »

advisory : RHSA-2002:137 (string)

cpe : cpe:/o:redhat:enterprise_linux:2.1 (string)

product_name : Red Hat Enterprise Linux AS (Advanced Server) version 2.1 (string)

release_date : 2002-07-29T00:00:00Z (string)

}

1 : { »

advisory : RHSA-2002:132 (string)

cpe : cpe:/o:redhat:linux:6.2 (string)

product_name : Red Hat Linux 6.2 (string)

release_date : 2002-07-29T00:00:00Z (string)

}

2 : { »

advisory : RHSA-2002:132 (string)

cpe : cpe:/o:redhat:linux:7.0 (string)

product_name : Red Hat Linux 7.0 (string)

release_date : 2002-07-29T00:00:00Z (string)

}

3 : { »

advisory : RHSA-2002:132 (string)

cpe : cpe:/o:redhat:linux:7.1 (string)

product_name : Red Hat Linux 7.1 (string)

release_date : 2002-07-29T00:00:00Z (string)

}

4 : { »

advisory : RHSA-2002:132 (string)

cpe : cpe:/o:redhat:linux:7.2 (string)

product_name : Red Hat Linux 7.2 (string)

release_date : 2002-07-29T00:00:00Z (string)

}

5 : { »

advisory : RHSA-2002:132 (string)

cpe : cpe:/o:redhat:linux:7.3 (string)

product_name : Red Hat Linux 7.3 (string)

release_date : 2002-07-29T00:00:00Z (string)

}

]

bugzilla : { »

description : security flaw (string)

id : 1616783 (string)

url : https://bugzilla.redhat.com/show_bug.cgi?id=1616783 (string)

}

csaw : false (boolean)

details : [ »

0 : setpwnam.c in the util-linux package, as included in Red Hat Linux 7.3 and earlier, and other operating systems, does not properly lock a temporary file when modifying /etc/passwd, which may allow local users to gain privileges via a complex race condition that uses an open file descriptor in utility programs such as chfn and chsh. (string)

]

name : CVE-2002-0638 (string)

public_date : 2002-07-29T00:00:00Z (string)

references : [ »

0 : https://www.cve.org/CVERecord?id=CVE-2002-0638 https://nvd.nist.gov/vuln/detail/CVE-2002-0638 (string)

]

threat_severity : Moderate (string)

}

Metrics

Access Vector Local

Access Complexity High

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

Metrics

Access Vector Local

Access Complexity High

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object