CVE-2002-0638Race Condition in Mandrake Linux

5 documents5 sources
Severity
6.2MEDIUMNVD
EPSS
0.1%
top 75.43%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
HP Secure OSMandrakesoft Mandrake LinuxMandrakesoft Mandrake Linux Corporate Server+2 more
Timeline
PublishedAug 12
Latest updateMay 3

Description

setpwnam.c in the util-linux package, as included in Red Hat Linux 7.3 and earlier, and other operating systems, does not properly lock a temporary file when modifying /etc/passwd, which may allow local users to gain privileges via a complex race condition that uses an open file descriptor in utility programs such as chfn and chsh.

CVSS vector

AV:L/AC:H/C:C/I:C/A:CExploitability: 1.9 | Impact: 10.0

Affected Packages5 packages

NVDredhat/linux7 versions+6
NVDmandrakesoft/mandrake_linux6 versions+5
NVDhp/secure_os1.0

Patches

Patch: rhn.redhat.comPatch: www.kb.cert.orgPatch: rhn.redhat.com

🔴Vulnerability Details

2
GHSA
GHSA-gmmv-6j82-fwgw: setpwnam2022-05-03
CVEList
CVE-2002-0638: setpwnam2003-04-02

📋Vendor Advisories

1
Red Hat
security flaw2002-07-29

💬Community

1
Bugzilla
CVE-2002-0638 security flaw2018-08-16
CVE-2002-0638 — Race Condition in Mandrake Linux | cvebase