CVE-2002-0638
published 2002-08-12CVE-2002-0638: setpwnam.c in the util-linux package, as included in Red Hat Linux 7.3 and earlier, and other operating systems, does not properly lock a temporary file when…
medium6.2CVSS 3.1
AVLACHAuNCCICAC
setpwnam.c in the util-linux package, as included in Red Hat Linux 7.3 and earlier, and other operating systems, does not properly lock a temporary file when modifying /etc/passwd, which may allow local users to gain privileges via a complex race condition that uses an open file descriptor in utility programs such as chfn and chsh.
Affected
16 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| hp | secure_os | — | — |
| mandrakesoft | mandrake_linux | — | — |
| mandrakesoft | mandrake_linux | — | — |
| mandrakesoft | mandrake_linux | — | — |
| mandrakesoft | mandrake_linux | — | — |
| mandrakesoft | mandrake_linux | — | — |
| mandrakesoft | mandrake_linux | — | — |
| mandrakesoft | mandrake_linux_corporate_server | — | — |
| mandrakesoft | mandrake_single_network_firewall | — | — |
| redhat | linux | — | — |
| redhat | linux | — | — |
| redhat | linux | — | — |
| redhat | linux | — | — |
| redhat | linux | — | — |
| redhat | linux | — | — |
| redhat | linux | — | — |