VDB
CVE-2002-0638
CVE-2002-0638
PUBLISHED
CVSS 6.199999809265137 MEDIUM
setpwnam.c in the util-linux package, as included in Red Hat Linux 7.3 and earlier, and other operating systems, does not properly lock a temporary file when modifying /etc/passwd, which may allow local users to gain privileges via a complex race condition that uses an open file descriptor in utility programs such as chfn and chsh.
EPSS 0.09% · 24.6th percentile
Risk Scores
CVSS 2.0
6.199999809265137
EPSS Score
0.09%
24.6th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| hp | secure_os | 1.0 |
| mandrakesoft | mandrake_linux | 8.1, 8.1, 8.2 |
| mandrakesoft | mandrake_linux_corporate_server | 1.0.1 |
| redhat | linux | 7.1, 7.1, 7.2 |
| mandrakesoft | mandrake_single_network_firewall | 7.2 |
| n/a | n/a | n/a |
Timeline
- Jul 29, 2002 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 27, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Apr 3, 2023 EPSS Score
- May 26, 2023 EPSS Score
- Jul 17, 2023 EPSS Score
References
- CSSA-2002-043.0 vendor-advisory
- 5344 vdb
- utillinux-chfn-race-condition(9709) vdb
- MDKSA-2002:047 vendor-advisory
- RHSA-2002:132 vendor-advisory
- VU#405955 third-party-advisory
- 20020729 [VulnWatch] RAZOR advisory: Linux util-linux chfn local root vulnerability mailing-list
- CLA-2002:523 vendor-advisory
- HPSBTL0207-054 vendor-advisory
- 20020730 TSLSA-2002-0064 - util-linux mailing-list
- 20020729 RAZOR advisory: Linux util-linux chfn local root vulnerability mailing-list
- RHSA-2002:137 vendor-advisory
- 5164 vdb
- https://nvd.nist.gov/vuln/detail/CVE-2002-0638 advisory