Vulnerabilites related to hp - secure_os
cve-2002-0836
Vulnerability from cvelistv5
Published
2004-09-01 04:00
Modified
2024-08-08 03:03
Severity ?
Summary
dvips converter for Postscript files in the tetex package calls the system() function insecurely, which allows remote attackers to execute arbitrary commands via certain print jobs, possibly involving fonts.
References
http://marc.info/?l=bugtraq&m=103497852330838&w=2mailing-list, x_refsource_BUGTRAQ
http://www.securityfocus.com/bid/5978vdb-entry, x_refsource_BID
http://marc.info/?l=bugtraq&m=104005975415582&w=2mailing-list, x_refsource_BUGTRAQ
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000537vendor-advisory, x_refsource_CONECTIVA
http://www.kb.cert.org/vuls/id/169841third-party-advisory, x_refsource_CERT-VN
http://www.debian.org/security/2002/dsa-207vendor-advisory, x_refsource_DEBIAN
http://www.securityfocus.com/advisories/4567vendor-advisory, x_refsource_HP
http://www.redhat.com/support/errata/RHSA-2002-195.htmlvendor-advisory, x_refsource_REDHAT
http://www.iss.net/security_center/static/10365.phpvdb-entry, x_refsource_XF
http://www.redhat.com/support/errata/RHSA-2002-194.htmlvendor-advisory, x_refsource_REDHAT
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-070.phpvendor-advisory, x_refsource_MANDRAKE
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-08T03:03:49.020Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20021018 GLSA: tetex",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://marc.info/?l=bugtraq&m=103497852330838&w=2",
               },
               {
                  name: "5978",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/5978",
               },
               {
                  name: "20021216 [OpenPKG-SA-2002.015] OpenPKG Security Advisory (tetex)",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://marc.info/?l=bugtraq&m=104005975415582&w=2",
               },
               {
                  name: "CLA-2002:537",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CONECTIVA",
                     "x_transferred",
                  ],
                  url: "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000537",
               },
               {
                  name: "VU#169841",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_CERT-VN",
                     "x_transferred",
                  ],
                  url: "http://www.kb.cert.org/vuls/id/169841",
               },
               {
                  name: "DSA-207",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "http://www.debian.org/security/2002/dsa-207",
               },
               {
                  name: "HPSBTL0210-073",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_HP",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/advisories/4567",
               },
               {
                  name: "RHSA-2002:195",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2002-195.html",
               },
               {
                  name: "dvips-system-execute-commands(10365)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "http://www.iss.net/security_center/static/10365.php",
               },
               {
                  name: "RHSA-2002:194",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2002-194.html",
               },
               {
                  name: "MDKSA-2002:070",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_MANDRAKE",
                     "x_transferred",
                  ],
                  url: "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-070.php",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2002-10-14T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "dvips converter for Postscript files in the tetex package calls the system() function insecurely, which allows remote attackers to execute arbitrary commands via certain print jobs, possibly involving fonts.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2004-07-25T00:00:00",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "20021018 GLSA: tetex",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://marc.info/?l=bugtraq&m=103497852330838&w=2",
            },
            {
               name: "5978",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/5978",
            },
            {
               name: "20021216 [OpenPKG-SA-2002.015] OpenPKG Security Advisory (tetex)",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://marc.info/?l=bugtraq&m=104005975415582&w=2",
            },
            {
               name: "CLA-2002:537",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CONECTIVA",
               ],
               url: "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000537",
            },
            {
               name: "VU#169841",
               tags: [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
               ],
               url: "http://www.kb.cert.org/vuls/id/169841",
            },
            {
               name: "DSA-207",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "http://www.debian.org/security/2002/dsa-207",
            },
            {
               name: "HPSBTL0210-073",
               tags: [
                  "vendor-advisory",
                  "x_refsource_HP",
               ],
               url: "http://www.securityfocus.com/advisories/4567",
            },
            {
               name: "RHSA-2002:195",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2002-195.html",
            },
            {
               name: "dvips-system-execute-commands(10365)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "http://www.iss.net/security_center/static/10365.php",
            },
            {
               name: "RHSA-2002:194",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2002-194.html",
            },
            {
               name: "MDKSA-2002:070",
               tags: [
                  "vendor-advisory",
                  "x_refsource_MANDRAKE",
               ],
               url: "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-070.php",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2002-0836",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "dvips converter for Postscript files in the tetex package calls the system() function insecurely, which allows remote attackers to execute arbitrary commands via certain print jobs, possibly involving fonts.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20021018 GLSA: tetex",
                     refsource: "BUGTRAQ",
                     url: "http://marc.info/?l=bugtraq&m=103497852330838&w=2",
                  },
                  {
                     name: "5978",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/5978",
                  },
                  {
                     name: "20021216 [OpenPKG-SA-2002.015] OpenPKG Security Advisory (tetex)",
                     refsource: "BUGTRAQ",
                     url: "http://marc.info/?l=bugtraq&m=104005975415582&w=2",
                  },
                  {
                     name: "CLA-2002:537",
                     refsource: "CONECTIVA",
                     url: "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000537",
                  },
                  {
                     name: "VU#169841",
                     refsource: "CERT-VN",
                     url: "http://www.kb.cert.org/vuls/id/169841",
                  },
                  {
                     name: "DSA-207",
                     refsource: "DEBIAN",
                     url: "http://www.debian.org/security/2002/dsa-207",
                  },
                  {
                     name: "HPSBTL0210-073",
                     refsource: "HP",
                     url: "http://www.securityfocus.com/advisories/4567",
                  },
                  {
                     name: "RHSA-2002:195",
                     refsource: "REDHAT",
                     url: "http://www.redhat.com/support/errata/RHSA-2002-195.html",
                  },
                  {
                     name: "dvips-system-execute-commands(10365)",
                     refsource: "XF",
                     url: "http://www.iss.net/security_center/static/10365.php",
                  },
                  {
                     name: "RHSA-2002:194",
                     refsource: "REDHAT",
                     url: "http://www.redhat.com/support/errata/RHSA-2002-194.html",
                  },
                  {
                     name: "MDKSA-2002:070",
                     refsource: "MANDRAKE",
                     url: "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-070.php",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2002-0836",
      datePublished: "2004-09-01T04:00:00",
      dateReserved: "2002-08-08T00:00:00",
      dateUpdated: "2024-08-08T03:03:49.020Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2001-1563
Vulnerability from cvelistv5
Published
2005-07-14 04:00
Modified
2024-08-08 04:58
Severity ?
Summary
Unknown vulnerability in Tomcat 3.2.1 running on HP Secure OS for Linux 1.0 allows attackers to access servlet resources. NOTE: due to the vagueness of the vendor advisory, it is not clear whether this issue is already covered by other CVE identifiers.
References
https://exchange.xforce.ibmcloud.com/vulnerabilities/42892vdb-entry, x_refsource_XF
http://archives.neohapsis.com/archives/hp/2001-q4/0062.htmlvendor-advisory, x_refsource_HP
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-08T04:58:11.400Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "tomcat-unspecified-unauthorized-access(42892)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/42892",
               },
               {
                  name: "HPSBTL0112-004",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_HP",
                     "x_transferred",
                  ],
                  url: "http://archives.neohapsis.com/archives/hp/2001-q4/0062.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2001-12-12T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Unknown vulnerability in Tomcat 3.2.1 running on HP Secure OS for Linux 1.0 allows attackers to access servlet resources.  NOTE: due to the vagueness of the vendor advisory, it is not clear whether this issue is already covered by other CVE identifiers.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-07-10T14:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "tomcat-unspecified-unauthorized-access(42892)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/42892",
            },
            {
               name: "HPSBTL0112-004",
               tags: [
                  "vendor-advisory",
                  "x_refsource_HP",
               ],
               url: "http://archives.neohapsis.com/archives/hp/2001-q4/0062.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2001-1563",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Unknown vulnerability in Tomcat 3.2.1 running on HP Secure OS for Linux 1.0 allows attackers to access servlet resources.  NOTE: due to the vagueness of the vendor advisory, it is not clear whether this issue is already covered by other CVE identifiers.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "tomcat-unspecified-unauthorized-access(42892)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/42892",
                  },
                  {
                     name: "HPSBTL0112-004",
                     refsource: "HP",
                     url: "http://archives.neohapsis.com/archives/hp/2001-q4/0062.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2001-1563",
      datePublished: "2005-07-14T04:00:00",
      dateReserved: "2005-07-14T00:00:00",
      dateUpdated: "2024-08-08T04:58:11.400Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2002-1232
Vulnerability from cvelistv5
Published
2004-09-01 04:00
Modified
2024-08-08 03:19
Severity ?
Summary
Memory leak in ypdb_open in yp_db.c for ypserv before 2.5 in the NIS package 3.9 and earlier allows remote attackers to cause a denial of service (memory consumption) via a large number of requests for a map that does not exist.
References
http://online.securityfocus.com/advisories/4605vendor-advisory, x_refsource_HP
http://www.redhat.com/support/errata/RHSA-2003-229.htmlvendor-advisory, x_refsource_REDHAT
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-054.0.txtvendor-advisory, x_refsource_CALDERA
http://www.debian.org/security/2002/dsa-180vendor-advisory, x_refsource_DEBIAN
http://www.redhat.com/support/errata/RHSA-2002-224.htmlvendor-advisory, x_refsource_REDHAT
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-078.phpvendor-advisory, x_refsource_MANDRAKE
http://www.iss.net/security_center/static/10423.phpvdb-entry, x_refsource_XF
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000539vendor-advisory, x_refsource_CONECTIVA
http://www.redhat.com/support/errata/RHSA-2002-223.htmlvendor-advisory, x_refsource_REDHAT
http://www.securityfocus.com/bid/6016vdb-entry, x_refsource_BID
http://marc.info/?l=bugtraq&m=103582692228894&w=2mailing-list, x_refsource_BUGTRAQ
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-08T03:19:28.137Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "HPSBTL0210-074",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_HP",
                     "x_transferred",
                  ],
                  url: "http://online.securityfocus.com/advisories/4605",
               },
               {
                  name: "RHSA-2003:229",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2003-229.html",
               },
               {
                  name: "CSSA-2002-054.0",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CALDERA",
                     "x_transferred",
                  ],
                  url: "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-054.0.txt",
               },
               {
                  name: "DSA-180",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "http://www.debian.org/security/2002/dsa-180",
               },
               {
                  name: "RHSA-2002:224",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2002-224.html",
               },
               {
                  name: "MDKSA-2002:078",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_MANDRAKE",
                     "x_transferred",
                  ],
                  url: "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-078.php",
               },
               {
                  name: "ypserv-map-memory-leak(10423)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "http://www.iss.net/security_center/static/10423.php",
               },
               {
                  name: "CLA-2002:539",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CONECTIVA",
                     "x_transferred",
                  ],
                  url: "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000539",
               },
               {
                  name: "RHSA-2002:223",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2002-223.html",
               },
               {
                  name: "6016",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/6016",
               },
               {
                  name: "20021028 GLSA: ypserv",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://marc.info/?l=bugtraq&m=103582692228894&w=2",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2002-10-21T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Memory leak in ypdb_open in yp_db.c for ypserv before 2.5 in the NIS package 3.9 and earlier allows remote attackers to cause a denial of service (memory consumption) via a large number of requests for a map that does not exist.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2004-08-18T00:00:00",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "HPSBTL0210-074",
               tags: [
                  "vendor-advisory",
                  "x_refsource_HP",
               ],
               url: "http://online.securityfocus.com/advisories/4605",
            },
            {
               name: "RHSA-2003:229",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2003-229.html",
            },
            {
               name: "CSSA-2002-054.0",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CALDERA",
               ],
               url: "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-054.0.txt",
            },
            {
               name: "DSA-180",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "http://www.debian.org/security/2002/dsa-180",
            },
            {
               name: "RHSA-2002:224",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2002-224.html",
            },
            {
               name: "MDKSA-2002:078",
               tags: [
                  "vendor-advisory",
                  "x_refsource_MANDRAKE",
               ],
               url: "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-078.php",
            },
            {
               name: "ypserv-map-memory-leak(10423)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "http://www.iss.net/security_center/static/10423.php",
            },
            {
               name: "CLA-2002:539",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CONECTIVA",
               ],
               url: "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000539",
            },
            {
               name: "RHSA-2002:223",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2002-223.html",
            },
            {
               name: "6016",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/6016",
            },
            {
               name: "20021028 GLSA: ypserv",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://marc.info/?l=bugtraq&m=103582692228894&w=2",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2002-1232",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Memory leak in ypdb_open in yp_db.c for ypserv before 2.5 in the NIS package 3.9 and earlier allows remote attackers to cause a denial of service (memory consumption) via a large number of requests for a map that does not exist.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "HPSBTL0210-074",
                     refsource: "HP",
                     url: "http://online.securityfocus.com/advisories/4605",
                  },
                  {
                     name: "RHSA-2003:229",
                     refsource: "REDHAT",
                     url: "http://www.redhat.com/support/errata/RHSA-2003-229.html",
                  },
                  {
                     name: "CSSA-2002-054.0",
                     refsource: "CALDERA",
                     url: "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-054.0.txt",
                  },
                  {
                     name: "DSA-180",
                     refsource: "DEBIAN",
                     url: "http://www.debian.org/security/2002/dsa-180",
                  },
                  {
                     name: "RHSA-2002:224",
                     refsource: "REDHAT",
                     url: "http://www.redhat.com/support/errata/RHSA-2002-224.html",
                  },
                  {
                     name: "MDKSA-2002:078",
                     refsource: "MANDRAKE",
                     url: "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-078.php",
                  },
                  {
                     name: "ypserv-map-memory-leak(10423)",
                     refsource: "XF",
                     url: "http://www.iss.net/security_center/static/10423.php",
                  },
                  {
                     name: "CLA-2002:539",
                     refsource: "CONECTIVA",
                     url: "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000539",
                  },
                  {
                     name: "RHSA-2002:223",
                     refsource: "REDHAT",
                     url: "http://www.redhat.com/support/errata/RHSA-2002-223.html",
                  },
                  {
                     name: "6016",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/6016",
                  },
                  {
                     name: "20021028 GLSA: ypserv",
                     refsource: "BUGTRAQ",
                     url: "http://marc.info/?l=bugtraq&m=103582692228894&w=2",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2002-1232",
      datePublished: "2004-09-01T04:00:00",
      dateReserved: "2002-10-22T00:00:00",
      dateUpdated: "2024-08-08T03:19:28.137Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2001-1506
Vulnerability from cvelistv5
Published
2005-06-21 04:00
Modified
2024-08-08 04:58
Severity ?
Summary
Unknown vulnerability in the file system protection subsystem in HP Secure OS Software for Linux 1.0 allows additional user privileges on some files beyond what is specified in the file system protection rules, which allows local users to conduct unauthorized operations on restricted files.
References
http://www.securityfocus.com/bid/3468vdb-entry, x_refsource_BID
https://exchange.xforce.ibmcloud.com/vulnerabilities/7342vdb-entry, x_refsource_XF
http://online.securityfocus.com/advisories/3618vendor-advisory, x_refsource_HP
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-08T04:58:11.626Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "3468",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/3468",
               },
               {
                  name: "hp-secure-unauth-privileges(7342)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/7342",
               },
               {
                  name: "HPSBTL0110-001",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_HP",
                     "x_transferred",
                  ],
                  url: "http://online.securityfocus.com/advisories/3618",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2001-10-23T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Unknown vulnerability in the file system protection subsystem in HP Secure OS Software for Linux 1.0 allows additional user privileges on some files beyond what is specified in the file system protection rules, which allows local users to conduct unauthorized operations on restricted files.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-07-10T14:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "3468",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/3468",
            },
            {
               name: "hp-secure-unauth-privileges(7342)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/7342",
            },
            {
               name: "HPSBTL0110-001",
               tags: [
                  "vendor-advisory",
                  "x_refsource_HP",
               ],
               url: "http://online.securityfocus.com/advisories/3618",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2001-1506",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Unknown vulnerability in the file system protection subsystem in HP Secure OS Software for Linux 1.0 allows additional user privileges on some files beyond what is specified in the file system protection rules, which allows local users to conduct unauthorized operations on restricted files.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "3468",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/3468",
                  },
                  {
                     name: "hp-secure-unauth-privileges(7342)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/7342",
                  },
                  {
                     name: "HPSBTL0110-001",
                     refsource: "HP",
                     url: "http://online.securityfocus.com/advisories/3618",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2001-1506",
      datePublished: "2005-06-21T04:00:00",
      dateReserved: "2005-06-21T00:00:00",
      dateUpdated: "2024-08-08T04:58:11.626Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2002-0835
Vulnerability from cvelistv5
Published
2004-09-01 04:00
Modified
2024-08-08 03:03
Severity ?
Summary
Preboot eXecution Environment (PXE) server allows remote attackers to cause a denial of service (crash) via certain DHCP packets from Voice-Over-IP (VOIP) phones.
References
http://www.securityfocus.com/bid/5596vdb-entry, x_refsource_BID
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-044.0.txtvendor-advisory, x_refsource_CALDERA
http://www.iss.net/security_center/static/10003.phpvdb-entry, x_refsource_XF
http://online.securityfocus.com/advisories/4449vendor-advisory, x_refsource_HP
http://www.redhat.com/support/errata/RHSA-2002-162.htmlvendor-advisory, x_refsource_REDHAT
http://www.redhat.com/support/errata/RHSA-2002-165.htmlvendor-advisory, x_refsource_REDHAT
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-08T03:03:49.217Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "5596",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/5596",
               },
               {
                  name: "CSSA-2002-044.0",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CALDERA",
                     "x_transferred",
                  ],
                  url: "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-044.0.txt",
               },
               {
                  name: "pxe-dhcp-dos(10003)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "http://www.iss.net/security_center/static/10003.php",
               },
               {
                  name: "HPSBTL0209-066",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_HP",
                     "x_transferred",
                  ],
                  url: "http://online.securityfocus.com/advisories/4449",
               },
               {
                  name: "RHSA-2002:162",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2002-162.html",
               },
               {
                  name: "RHSA-2002:165",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2002-165.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2002-08-30T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Preboot eXecution Environment (PXE) server allows remote attackers to cause a denial of service (crash) via certain DHCP packets from Voice-Over-IP (VOIP) phones.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2002-11-14T10:00:00",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "5596",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/5596",
            },
            {
               name: "CSSA-2002-044.0",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CALDERA",
               ],
               url: "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-044.0.txt",
            },
            {
               name: "pxe-dhcp-dos(10003)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "http://www.iss.net/security_center/static/10003.php",
            },
            {
               name: "HPSBTL0209-066",
               tags: [
                  "vendor-advisory",
                  "x_refsource_HP",
               ],
               url: "http://online.securityfocus.com/advisories/4449",
            },
            {
               name: "RHSA-2002:162",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2002-162.html",
            },
            {
               name: "RHSA-2002:165",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2002-165.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2002-0835",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Preboot eXecution Environment (PXE) server allows remote attackers to cause a denial of service (crash) via certain DHCP packets from Voice-Over-IP (VOIP) phones.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "5596",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/5596",
                  },
                  {
                     name: "CSSA-2002-044.0",
                     refsource: "CALDERA",
                     url: "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-044.0.txt",
                  },
                  {
                     name: "pxe-dhcp-dos(10003)",
                     refsource: "XF",
                     url: "http://www.iss.net/security_center/static/10003.php",
                  },
                  {
                     name: "HPSBTL0209-066",
                     refsource: "HP",
                     url: "http://online.securityfocus.com/advisories/4449",
                  },
                  {
                     name: "RHSA-2002:162",
                     refsource: "REDHAT",
                     url: "http://www.redhat.com/support/errata/RHSA-2002-162.html",
                  },
                  {
                     name: "RHSA-2002:165",
                     refsource: "REDHAT",
                     url: "http://www.redhat.com/support/errata/RHSA-2002-165.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2002-0835",
      datePublished: "2004-09-01T04:00:00",
      dateReserved: "2002-08-08T00:00:00",
      dateUpdated: "2024-08-08T03:03:49.217Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2002-0638
Vulnerability from cvelistv5
Published
2003-04-02 05:00
Modified
2024-08-08 02:56
Severity ?
Summary
setpwnam.c in the util-linux package, as included in Red Hat Linux 7.3 and earlier, and other operating systems, does not properly lock a temporary file when modifying /etc/passwd, which may allow local users to gain privileges via a complex race condition that uses an open file descriptor in utility programs such as chfn and chsh.
References
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-043.0.txtvendor-advisory, x_refsource_CALDERA
http://www.securityfocus.com/bid/5344vdb-entry, x_refsource_BID
http://www.iss.net/security_center/static/9709.phpvdb-entry, x_refsource_XF
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-047.phpvendor-advisory, x_refsource_MANDRAKE
http://rhn.redhat.com/errata/RHSA-2002-132.htmlvendor-advisory, x_refsource_REDHAT
http://www.kb.cert.org/vuls/id/405955third-party-advisory, x_refsource_CERT-VN
http://archives.neohapsis.com/archives/bugtraq/2002-07/0357.htmlmailing-list, x_refsource_VULNWATCH
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000523vendor-advisory, x_refsource_CONECTIVA
http://online.securityfocus.com/advisories/4320vendor-advisory, x_refsource_HP
http://archives.neohapsis.com/archives/bugtraq/2002-07/0396.htmlmailing-list, x_refsource_BUGTRAQ
http://marc.info/?l=bugtraq&m=102795787713996&w=2mailing-list, x_refsource_BUGTRAQ
http://www.redhat.com/support/errata/RHSA-2002-137.htmlvendor-advisory, x_refsource_REDHAT
http://www.osvdb.org/5164vdb-entry, x_refsource_OSVDB
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-08T02:56:38.516Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "CSSA-2002-043.0",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CALDERA",
                     "x_transferred",
                  ],
                  url: "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-043.0.txt",
               },
               {
                  name: "5344",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/5344",
               },
               {
                  name: "utillinux-chfn-race-condition(9709)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "http://www.iss.net/security_center/static/9709.php",
               },
               {
                  name: "MDKSA-2002:047",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_MANDRAKE",
                     "x_transferred",
                  ],
                  url: "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-047.php",
               },
               {
                  name: "RHSA-2002:132",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2002-132.html",
               },
               {
                  name: "VU#405955",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_CERT-VN",
                     "x_transferred",
                  ],
                  url: "http://www.kb.cert.org/vuls/id/405955",
               },
               {
                  name: "20020729 [VulnWatch] RAZOR advisory: Linux util-linux chfn local root vulnerability",
                  tags: [
                     "mailing-list",
                     "x_refsource_VULNWATCH",
                     "x_transferred",
                  ],
                  url: "http://archives.neohapsis.com/archives/bugtraq/2002-07/0357.html",
               },
               {
                  name: "CLA-2002:523",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CONECTIVA",
                     "x_transferred",
                  ],
                  url: "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000523",
               },
               {
                  name: "HPSBTL0207-054",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_HP",
                     "x_transferred",
                  ],
                  url: "http://online.securityfocus.com/advisories/4320",
               },
               {
                  name: "20020730 TSLSA-2002-0064 - util-linux",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://archives.neohapsis.com/archives/bugtraq/2002-07/0396.html",
               },
               {
                  name: "20020729 RAZOR advisory: Linux util-linux chfn local root vulnerability",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://marc.info/?l=bugtraq&m=102795787713996&w=2",
               },
               {
                  name: "RHSA-2002:137",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://www.redhat.com/support/errata/RHSA-2002-137.html",
               },
               {
                  name: "5164",
                  tags: [
                     "vdb-entry",
                     "x_refsource_OSVDB",
                     "x_transferred",
                  ],
                  url: "http://www.osvdb.org/5164",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2002-07-29T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "setpwnam.c in the util-linux package, as included in Red Hat Linux 7.3 and earlier, and other operating systems, does not properly lock a temporary file when modifying /etc/passwd, which may allow local users to gain privileges via a complex race condition that uses an open file descriptor in utility programs such as chfn and chsh.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2003-03-21T00:00:00",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "CSSA-2002-043.0",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CALDERA",
               ],
               url: "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-043.0.txt",
            },
            {
               name: "5344",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/5344",
            },
            {
               name: "utillinux-chfn-race-condition(9709)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "http://www.iss.net/security_center/static/9709.php",
            },
            {
               name: "MDKSA-2002:047",
               tags: [
                  "vendor-advisory",
                  "x_refsource_MANDRAKE",
               ],
               url: "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-047.php",
            },
            {
               name: "RHSA-2002:132",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2002-132.html",
            },
            {
               name: "VU#405955",
               tags: [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
               ],
               url: "http://www.kb.cert.org/vuls/id/405955",
            },
            {
               name: "20020729 [VulnWatch] RAZOR advisory: Linux util-linux chfn local root vulnerability",
               tags: [
                  "mailing-list",
                  "x_refsource_VULNWATCH",
               ],
               url: "http://archives.neohapsis.com/archives/bugtraq/2002-07/0357.html",
            },
            {
               name: "CLA-2002:523",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CONECTIVA",
               ],
               url: "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000523",
            },
            {
               name: "HPSBTL0207-054",
               tags: [
                  "vendor-advisory",
                  "x_refsource_HP",
               ],
               url: "http://online.securityfocus.com/advisories/4320",
            },
            {
               name: "20020730 TSLSA-2002-0064 - util-linux",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://archives.neohapsis.com/archives/bugtraq/2002-07/0396.html",
            },
            {
               name: "20020729 RAZOR advisory: Linux util-linux chfn local root vulnerability",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://marc.info/?l=bugtraq&m=102795787713996&w=2",
            },
            {
               name: "RHSA-2002:137",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://www.redhat.com/support/errata/RHSA-2002-137.html",
            },
            {
               name: "5164",
               tags: [
                  "vdb-entry",
                  "x_refsource_OSVDB",
               ],
               url: "http://www.osvdb.org/5164",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2002-0638",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "setpwnam.c in the util-linux package, as included in Red Hat Linux 7.3 and earlier, and other operating systems, does not properly lock a temporary file when modifying /etc/passwd, which may allow local users to gain privileges via a complex race condition that uses an open file descriptor in utility programs such as chfn and chsh.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "CSSA-2002-043.0",
                     refsource: "CALDERA",
                     url: "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-043.0.txt",
                  },
                  {
                     name: "5344",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/5344",
                  },
                  {
                     name: "utillinux-chfn-race-condition(9709)",
                     refsource: "XF",
                     url: "http://www.iss.net/security_center/static/9709.php",
                  },
                  {
                     name: "MDKSA-2002:047",
                     refsource: "MANDRAKE",
                     url: "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-047.php",
                  },
                  {
                     name: "RHSA-2002:132",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2002-132.html",
                  },
                  {
                     name: "VU#405955",
                     refsource: "CERT-VN",
                     url: "http://www.kb.cert.org/vuls/id/405955",
                  },
                  {
                     name: "20020729 [VulnWatch] RAZOR advisory: Linux util-linux chfn local root vulnerability",
                     refsource: "VULNWATCH",
                     url: "http://archives.neohapsis.com/archives/bugtraq/2002-07/0357.html",
                  },
                  {
                     name: "CLA-2002:523",
                     refsource: "CONECTIVA",
                     url: "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000523",
                  },
                  {
                     name: "HPSBTL0207-054",
                     refsource: "HP",
                     url: "http://online.securityfocus.com/advisories/4320",
                  },
                  {
                     name: "20020730 TSLSA-2002-0064 - util-linux",
                     refsource: "BUGTRAQ",
                     url: "http://archives.neohapsis.com/archives/bugtraq/2002-07/0396.html",
                  },
                  {
                     name: "20020729 RAZOR advisory: Linux util-linux chfn local root vulnerability",
                     refsource: "BUGTRAQ",
                     url: "http://marc.info/?l=bugtraq&m=102795787713996&w=2",
                  },
                  {
                     name: "RHSA-2002:137",
                     refsource: "REDHAT",
                     url: "http://www.redhat.com/support/errata/RHSA-2002-137.html",
                  },
                  {
                     name: "5164",
                     refsource: "OSVDB",
                     url: "http://www.osvdb.org/5164",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2002-0638",
      datePublished: "2003-04-02T05:00:00",
      dateReserved: "2002-06-27T00:00:00",
      dateUpdated: "2024-08-08T02:56:38.516Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

Vulnerability from fkie_nvd
Published
2001-12-31 05:00
Modified
2024-11-20 23:37
Severity ?
Summary
Unknown vulnerability in the file system protection subsystem in HP Secure OS Software for Linux 1.0 allows additional user privileges on some files beyond what is specified in the file system protection rules, which allows local users to conduct unauthorized operations on restricted files.
References
cve@mitre.orghttp://online.securityfocus.com/advisories/3618
cve@mitre.orghttp://www.securityfocus.com/bid/3468
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/7342
af854a3a-2127-422b-91ae-364da2661108http://online.securityfocus.com/advisories/3618
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/3468
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/7342
Impacted products
Vendor Product Version
hp secure_os 1.0


To clipboard 

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:hp:secure_os:1.0:*:linux:*:*:*:*:*",
                     matchCriteriaId: "B345284D-6842-47C0-B823-B5DDC30CC8A6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Unknown vulnerability in the file system protection subsystem in HP Secure OS Software for Linux 1.0 allows additional user privileges on some files beyond what is specified in the file system protection rules, which allows local users to conduct unauthorized operations on restricted files.",
      },
   ],
   id: "CVE-2001-1506",
   lastModified: "2024-11-20T23:37:50.910",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "LOCAL",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 4.6,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2001-12-31T05:00:00.000",
   references: [
      {
         source: "cve@mitre.org",
         url: "http://online.securityfocus.com/advisories/3618",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.securityfocus.com/bid/3468",
      },
      {
         source: "cve@mitre.org",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/7342",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://online.securityfocus.com/advisories/3618",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/3468",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/7342",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2001-12-31 05:00
Modified
2024-11-20 23:37
Severity ?
Summary
Unknown vulnerability in Tomcat 3.2.1 running on HP Secure OS for Linux 1.0 allows attackers to access servlet resources. NOTE: due to the vagueness of the vendor advisory, it is not clear whether this issue is already covered by other CVE identifiers.
References
cve@mitre.orghttp://archives.neohapsis.com/archives/hp/2001-q4/0062.htmlPatch
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/42892
af854a3a-2127-422b-91ae-364da2661108http://archives.neohapsis.com/archives/hp/2001-q4/0062.htmlPatch
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/42892
Impacted products
Vendor Product Version
apache tomcat 3.2.1
hp secure_os 1.0


To clipboard 

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:apache:tomcat:3.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "7079F63C-7CA8-4909-A9C8-45C4C1C1C186",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:hp:secure_os:1.0:*:linux:*:*:*:*:*",
                     matchCriteriaId: "B345284D-6842-47C0-B823-B5DDC30CC8A6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Unknown vulnerability in Tomcat 3.2.1 running on HP Secure OS for Linux 1.0 allows attackers to access servlet resources.  NOTE: due to the vagueness of the vendor advisory, it is not clear whether this issue is already covered by other CVE identifiers.",
      },
   ],
   id: "CVE-2001-1563",
   lastModified: "2024-11-20T23:37:59.643",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 7.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: true,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2001-12-31T05:00:00.000",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
         ],
         url: "http://archives.neohapsis.com/archives/hp/2001-q4/0062.html",
      },
      {
         source: "cve@mitre.org",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/42892",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "http://archives.neohapsis.com/archives/hp/2001-q4/0062.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/42892",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2002-10-28 05:00
Modified
2024-11-20 23:39
Severity ?
Summary
dvips converter for Postscript files in the tetex package calls the system() function insecurely, which allows remote attackers to execute arbitrary commands via certain print jobs, possibly involving fonts.
References
cve@mitre.orghttp://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000537
cve@mitre.orghttp://marc.info/?l=bugtraq&m=103497852330838&w=2
cve@mitre.orghttp://marc.info/?l=bugtraq&m=104005975415582&w=2
cve@mitre.orghttp://www.debian.org/security/2002/dsa-207Patch, Vendor Advisory
cve@mitre.orghttp://www.iss.net/security_center/static/10365.phpVendor Advisory
cve@mitre.orghttp://www.kb.cert.org/vuls/id/169841US Government Resource
cve@mitre.orghttp://www.linux-mandrake.com/en/security/2002/MDKSA-2002-070.php
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2002-194.htmlPatch, Vendor Advisory
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2002-195.html
cve@mitre.orghttp://www.securityfocus.com/advisories/4567
cve@mitre.orghttp://www.securityfocus.com/bid/5978Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000537
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=103497852330838&w=2
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=104005975415582&w=2
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2002/dsa-207Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.iss.net/security_center/static/10365.phpVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.kb.cert.org/vuls/id/169841US Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-070.php
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2002-194.htmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2002-195.html
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/advisories/4567
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/5978Patch, Vendor Advisory
Impacted products
Vendor Product Version
hp secure_os 1.0
mandrakesoft mandrake_linux 7.2
mandrakesoft mandrake_linux 8.0
mandrakesoft mandrake_linux 8.0
mandrakesoft mandrake_linux 8.1
mandrakesoft mandrake_linux 8.1
mandrakesoft mandrake_linux 8.2
mandrakesoft mandrake_linux 8.2
mandrakesoft mandrake_linux 9.0
redhat linux 6.2
redhat linux 6.2
redhat linux 6.2
redhat linux 6.2
redhat linux 7.0
redhat linux 7.0
redhat linux 7.0
redhat linux 7.1
redhat linux 7.1
redhat linux 7.1
redhat linux 7.1
redhat linux 7.2
redhat linux 7.2
redhat linux 7.2
redhat linux 7.3
redhat linux 7.3
redhat linux 8.0
redhat linux 8.0


To clipboard 

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:hp:secure_os:1.0:*:linux:*:*:*:*:*",
                     matchCriteriaId: "B345284D-6842-47C0-B823-B5DDC30CC8A6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:mandrakesoft:mandrake_linux:7.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "0A8FBD5A-2FD0-43CD-AC4B-1D6984D336FE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:mandrakesoft:mandrake_linux:8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "4371A667-18E1-4C54-B2E1-6F885F22F213",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:mandrakesoft:mandrake_linux:8.0:*:ppc:*:*:*:*:*",
                     matchCriteriaId: "5B28763D-8F4B-45E5-82FA-AB7E54C18EBF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:mandrakesoft:mandrake_linux:8.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "205EF72B-7334-4AE0-9CA6-D2E8E5910C8E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:mandrakesoft:mandrake_linux:8.1:*:ia64:*:*:*:*:*",
                     matchCriteriaId: "613A22EC-D93C-48B0-B97C-3E0DDFBD0B62",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:mandrakesoft:mandrake_linux:8.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "DEB99324-3062-426F-8E2F-44DC3A7ADB2A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:mandrakesoft:mandrake_linux:8.2:*:ppc:*:*:*:*:*",
                     matchCriteriaId: "128F5289-E9F3-41A7-A534-FBAA8A119A9F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:mandrakesoft:mandrake_linux:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "33F6F859-B7B8-4072-B073-6CC8291D642E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:linux:6.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "0633B5A6-7A88-4A96-9462-4C09D124ED36",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:linux:6.2:*:alpha:*:*:*:*:*",
                     matchCriteriaId: "344610A8-DB6D-4407-9304-916C419F648C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:linux:6.2:*:i386:*:*:*:*:*",
                     matchCriteriaId: "B7EC2B95-4715-4EC9-A10A-2542501F8A61",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:linux:6.2:*:sparc:*:*:*:*:*",
                     matchCriteriaId: "64775BEF-2E53-43CA-8639-A7E54F6F4222",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:linux:7.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "29B186E5-7C2F-466E-AA4A-8F2B618F8A14",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:linux:7.0:*:alpha:*:*:*:*:*",
                     matchCriteriaId: "FD6576E2-9F26-4857-9F28-F51899F1EF48",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:linux:7.0:*:i386:*:*:*:*:*",
                     matchCriteriaId: "4DC9842D-E23B-4B9F-A7BF-57C3BA3DE398",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:linux:7.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "1D46E093-1C68-43BB-B281-12117EC8DE0F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:linux:7.1:*:alpha:*:*:*:*:*",
                     matchCriteriaId: "7F3FAAB3-7A8A-42E5-9DCE-E4A843CED1B9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:linux:7.1:*:i386:*:*:*:*:*",
                     matchCriteriaId: "C8783A6D-DFD8-45DD-BF03-570B1B012B44",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:linux:7.1:*:ia64:*:*:*:*:*",
                     matchCriteriaId: "ED36543D-C21B-4B4B-A6AD-6E19B08B5DD7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:linux:7.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "E562907F-D915-4030-847A-3C6834A80D4E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:linux:7.2:*:i386:*:*:*:*:*",
                     matchCriteriaId: "6A1EF00A-52E9-4FD8-98FD-3998225D8655",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:linux:7.2:*:ia64:*:*:*:*:*",
                     matchCriteriaId: "9D47D6FE-56A9-42CF-9A9B-AEE272C061F7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:linux:7.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "138985E6-5107-4E8B-A801-C3D5FE075227",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:linux:7.3:*:i386:*:*:*:*:*",
                     matchCriteriaId: "9B502A61-44FB-4CD4-85BE-88D4ACCCA441",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:linux:8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "038FEDE7-986F-4CA5-9003-BA68352B87D4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:linux:8.0:*:i386:*:*:*:*:*",
                     matchCriteriaId: "4D1E6298-EDF5-438F-8DFD-16A514CB938A",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "dvips converter for Postscript files in the tetex package calls the system() function insecurely, which allows remote attackers to execute arbitrary commands via certain print jobs, possibly involving fonts.",
      },
      {
         lang: "es",
         value: "El conversor dvips para ficheros Postscript en el paquete tetex llama a la función system() de forma insegura, lo que permite a atacantes ejecutar comandos arbitrarios mediante ciertos trabajos de impresión, posiblemente conteniendo fuentes.",
      },
   ],
   id: "CVE-2002-0836",
   lastModified: "2024-11-20T23:39:58.930",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 7.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: true,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2002-10-28T05:00:00.000",
   references: [
      {
         source: "cve@mitre.org",
         url: "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000537",
      },
      {
         source: "cve@mitre.org",
         url: "http://marc.info/?l=bugtraq&m=103497852330838&w=2",
      },
      {
         source: "cve@mitre.org",
         url: "http://marc.info/?l=bugtraq&m=104005975415582&w=2",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.debian.org/security/2002/dsa-207",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.iss.net/security_center/static/10365.php",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "US Government Resource",
         ],
         url: "http://www.kb.cert.org/vuls/id/169841",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-070.php",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.redhat.com/support/errata/RHSA-2002-194.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.redhat.com/support/errata/RHSA-2002-195.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.securityfocus.com/advisories/4567",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.securityfocus.com/bid/5978",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000537",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://marc.info/?l=bugtraq&m=103497852330838&w=2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://marc.info/?l=bugtraq&m=104005975415582&w=2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.debian.org/security/2002/dsa-207",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.iss.net/security_center/static/10365.php",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "US Government Resource",
         ],
         url: "http://www.kb.cert.org/vuls/id/169841",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-070.php",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.redhat.com/support/errata/RHSA-2002-194.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.redhat.com/support/errata/RHSA-2002-195.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/advisories/4567",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.securityfocus.com/bid/5978",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2002-10-04 04:00
Modified
2024-11-20 23:39
Severity ?
Summary
Preboot eXecution Environment (PXE) server allows remote attackers to cause a denial of service (crash) via certain DHCP packets from Voice-Over-IP (VOIP) phones.
References
cve@mitre.orgftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-044.0.txt
cve@mitre.orghttp://online.securityfocus.com/advisories/4449
cve@mitre.orghttp://www.iss.net/security_center/static/10003.php
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2002-162.htmlPatch, Vendor Advisory
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2002-165.htmlPatch, Vendor Advisory
cve@mitre.orghttp://www.securityfocus.com/bid/5596Exploit, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-044.0.txt
af854a3a-2127-422b-91ae-364da2661108http://online.securityfocus.com/advisories/4449
af854a3a-2127-422b-91ae-364da2661108http://www.iss.net/security_center/static/10003.php
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2002-162.htmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2002-165.htmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/5596Exploit, Vendor Advisory
Impacted products
Vendor Product Version
caldera openlinux_server 3.1
caldera openlinux_server 3.1.1
caldera openlinux_workstation 3.1
caldera openlinux_workstation 3.1.1
redhat pre-execution_environment 0.1
hp secure_os 1.0


To clipboard 

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:caldera:openlinux_server:3.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "0A218B67-B87B-4A5E-B9EF-EF39ADEAD9FC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:caldera:openlinux_server:3.1.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "59A82AD5-A42D-49FF-A9D4-A57C8433A5A1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:caldera:openlinux_workstation:3.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "BB41DE44-C3A1-4CC9-ACA7-4EC171D68910",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:caldera:openlinux_workstation:3.1.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "C31B1A4A-96AD-4322-8AF3-733D66DBB50E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:pre-execution_environment:0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "B2522945-D94F-4F8D-8705-87D15AE3B41D",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:hp:secure_os:1.0:*:linux:*:*:*:*:*",
                     matchCriteriaId: "B345284D-6842-47C0-B823-B5DDC30CC8A6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Preboot eXecution Environment (PXE) server allows remote attackers to cause a denial of service (crash) via certain DHCP packets from Voice-Over-IP (VOIP) phones.",
      },
      {
         lang: "es",
         value: "El servidor Preboot eXecution Environment (PXE) permite a atacantes remotos causar una denegación de servicio (caída) mediante ciertos paquetes DHCP (Dinamic Host Configuraion Protocol) de teléfonos Voz-sobre-IP (VOIP).",
      },
   ],
   id: "CVE-2002-0835",
   lastModified: "2024-11-20T23:39:58.770",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 5,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2002-10-04T04:00:00.000",
   references: [
      {
         source: "cve@mitre.org",
         url: "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-044.0.txt",
      },
      {
         source: "cve@mitre.org",
         url: "http://online.securityfocus.com/advisories/4449",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.iss.net/security_center/static/10003.php",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.redhat.com/support/errata/RHSA-2002-162.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.redhat.com/support/errata/RHSA-2002-165.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Vendor Advisory",
         ],
         url: "http://www.securityfocus.com/bid/5596",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-044.0.txt",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://online.securityfocus.com/advisories/4449",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.iss.net/security_center/static/10003.php",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.redhat.com/support/errata/RHSA-2002-162.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.redhat.com/support/errata/RHSA-2002-165.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Vendor Advisory",
         ],
         url: "http://www.securityfocus.com/bid/5596",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2002-11-04 05:00
Modified
2024-11-20 23:40
Severity ?
Summary
Memory leak in ypdb_open in yp_db.c for ypserv before 2.5 in the NIS package 3.9 and earlier allows remote attackers to cause a denial of service (memory consumption) via a large number of requests for a map that does not exist.
References
cve@mitre.orgftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-054.0.txt
cve@mitre.orghttp://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000539
cve@mitre.orghttp://marc.info/?l=bugtraq&m=103582692228894&w=2
cve@mitre.orghttp://online.securityfocus.com/advisories/4605
cve@mitre.orghttp://www.debian.org/security/2002/dsa-180Patch, Vendor Advisory
cve@mitre.orghttp://www.iss.net/security_center/static/10423.phpVendor Advisory
cve@mitre.orghttp://www.linux-mandrake.com/en/security/2002/MDKSA-2002-078.php
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2002-223.htmlPatch
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2002-224.html
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2003-229.html
cve@mitre.orghttp://www.securityfocus.com/bid/6016Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-054.0.txt
af854a3a-2127-422b-91ae-364da2661108http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000539
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=103582692228894&w=2
af854a3a-2127-422b-91ae-364da2661108http://online.securityfocus.com/advisories/4605
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2002/dsa-180Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.iss.net/security_center/static/10423.phpVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-078.php
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2002-223.htmlPatch
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2002-224.html
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2003-229.html
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/6016Patch, Vendor Advisory
Impacted products
Vendor Product Version
debian debian_linux 2.2
debian debian_linux 2.2
debian debian_linux 2.2
debian debian_linux 2.2
debian debian_linux 2.2
debian debian_linux 2.2
debian debian_linux 2.2
debian debian_linux 3.0
debian debian_linux 3.0
debian debian_linux 3.0
debian debian_linux 3.0
debian debian_linux 3.0
debian debian_linux 3.0
debian debian_linux 3.0
debian debian_linux 3.0
debian debian_linux 3.0
debian debian_linux 3.0
debian debian_linux 3.0
hp secure_os 1.0
redhat linux 6.2
redhat linux 6.2
redhat linux 6.2
redhat linux 6.2
redhat linux 7.0
redhat linux 7.0
redhat linux 7.0
redhat linux 7.1
redhat linux 7.1
redhat linux 7.1
redhat linux 7.2
redhat linux 7.2
redhat linux 7.3
redhat linux 7.3


To clipboard 

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:2.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "58B90124-0543-4226-BFF4-13CCCBCCB243",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:2.2:*:68k:*:*:*:*:*",
                     matchCriteriaId: "E040A866-0D2C-40E1-B1FB-DB600B389E27",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:2.2:*:alpha:*:*:*:*:*",
                     matchCriteriaId: "CE1C944A-E5F1-49DE-B069-2A358123B535",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:2.2:*:arm:*:*:*:*:*",
                     matchCriteriaId: "D71083B4-1736-4501-8DE8-BC24AC1447AA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:2.2:*:ia-32:*:*:*:*:*",
                     matchCriteriaId: "E9D468DB-C4AE-4ACB-B3B7-2FAEA90D6A49",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:2.2:*:powerpc:*:*:*:*:*",
                     matchCriteriaId: "2A32E486-2598-41B3-B6DB-3CC46D239AFC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:2.2:*:sparc:*:*:*:*:*",
                     matchCriteriaId: "AAEE18D8-AA3B-47A3-AA7C-AAFF7591F391",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:3.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "2CAE037F-111C-4A76-8FFE-716B74D65EF3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:3.0:*:alpha:*:*:*:*:*",
                     matchCriteriaId: "A6B060E4-B5A6-4469-828E-211C52542547",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:3.0:*:arm:*:*:*:*:*",
                     matchCriteriaId: "974C3541-990C-4CD4-A05A-38FA74A84632",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:3.0:*:hppa:*:*:*:*:*",
                     matchCriteriaId: "6CBF1E0F-C7F3-4F83-9E60-6E63FA7D2775",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:3.0:*:ia-64:*:*:*:*:*",
                     matchCriteriaId: "C9419322-572F-4BB6-8416-C5E96541CF33",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:3.0:*:m68k:*:*:*:*:*",
                     matchCriteriaId: "BFC50555-C084-46A3-9C9F-949C5E3BB448",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:3.0:*:mips:*:*:*:*:*",
                     matchCriteriaId: "9C25D6E1-D283-4CEA-B47B-60C47A5C0797",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:3.0:*:mipsel:*:*:*:*:*",
                     matchCriteriaId: "AD18A446-C634-417E-86AC-B19B6DDDC856",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:3.0:*:ppc:*:*:*:*:*",
                     matchCriteriaId: "E4BB852E-61B2-4842-989F-C6C0C901A8D7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:3.0:*:s-390:*:*:*:*:*",
                     matchCriteriaId: "24DD9D59-E2A2-4116-A887-39E8CC2004FC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:3.0:*:sparc:*:*:*:*:*",
                     matchCriteriaId: "F28D7457-607E-4E0C-909A-413F91CFCD82",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:hp:secure_os:1.0:*:linux:*:*:*:*:*",
                     matchCriteriaId: "B345284D-6842-47C0-B823-B5DDC30CC8A6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:linux:6.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "0633B5A6-7A88-4A96-9462-4C09D124ED36",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:linux:6.2:*:alpha:*:*:*:*:*",
                     matchCriteriaId: "344610A8-DB6D-4407-9304-916C419F648C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:linux:6.2:*:i386:*:*:*:*:*",
                     matchCriteriaId: "B7EC2B95-4715-4EC9-A10A-2542501F8A61",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:linux:6.2:*:sparc:*:*:*:*:*",
                     matchCriteriaId: "64775BEF-2E53-43CA-8639-A7E54F6F4222",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:linux:7.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "29B186E5-7C2F-466E-AA4A-8F2B618F8A14",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:linux:7.0:*:alpha:*:*:*:*:*",
                     matchCriteriaId: "FD6576E2-9F26-4857-9F28-F51899F1EF48",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:linux:7.0:*:i386:*:*:*:*:*",
                     matchCriteriaId: "4DC9842D-E23B-4B9F-A7BF-57C3BA3DE398",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:linux:7.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "1D46E093-1C68-43BB-B281-12117EC8DE0F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:linux:7.1:*:i386:*:*:*:*:*",
                     matchCriteriaId: "C8783A6D-DFD8-45DD-BF03-570B1B012B44",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:linux:7.1:*:ia64:*:*:*:*:*",
                     matchCriteriaId: "ED36543D-C21B-4B4B-A6AD-6E19B08B5DD7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:linux:7.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "E562907F-D915-4030-847A-3C6834A80D4E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:linux:7.2:*:ia64:*:*:*:*:*",
                     matchCriteriaId: "9D47D6FE-56A9-42CF-9A9B-AEE272C061F7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:linux:7.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "138985E6-5107-4E8B-A801-C3D5FE075227",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:linux:7.3:*:i386:*:*:*:*:*",
                     matchCriteriaId: "9B502A61-44FB-4CD4-85BE-88D4ACCCA441",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Memory leak in ypdb_open in yp_db.c for ypserv before 2.5 in the NIS package 3.9 and earlier allows remote attackers to cause a denial of service (memory consumption) via a large number of requests for a map that does not exist.",
      },
      {
         lang: "es",
         value: "Fuga de memoria en ypdb_open en yp_db.c en ypserv anteriores a 2.5 en el paquete NIS 3.9 y anteriores permite a atacantes remotos causar una denegación de servicio (consumición de memoria) mediante un número grande de peticiones de un mapa inexistente.",
      },
   ],
   id: "CVE-2002-1232",
   lastModified: "2024-11-20T23:40:52.670",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 5,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2002-11-04T05:00:00.000",
   references: [
      {
         source: "cve@mitre.org",
         url: "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-054.0.txt",
      },
      {
         source: "cve@mitre.org",
         url: "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000539",
      },
      {
         source: "cve@mitre.org",
         url: "http://marc.info/?l=bugtraq&m=103582692228894&w=2",
      },
      {
         source: "cve@mitre.org",
         url: "http://online.securityfocus.com/advisories/4605",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.debian.org/security/2002/dsa-180",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.iss.net/security_center/static/10423.php",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-078.php",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
         ],
         url: "http://www.redhat.com/support/errata/RHSA-2002-223.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.redhat.com/support/errata/RHSA-2002-224.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.redhat.com/support/errata/RHSA-2003-229.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.securityfocus.com/bid/6016",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-054.0.txt",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000539",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://marc.info/?l=bugtraq&m=103582692228894&w=2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://online.securityfocus.com/advisories/4605",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.debian.org/security/2002/dsa-180",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.iss.net/security_center/static/10423.php",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-078.php",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "http://www.redhat.com/support/errata/RHSA-2002-223.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.redhat.com/support/errata/RHSA-2002-224.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.redhat.com/support/errata/RHSA-2003-229.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://www.securityfocus.com/bid/6016",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2002-08-12 04:00
Modified
2024-11-20 23:39
Severity ?
Summary
setpwnam.c in the util-linux package, as included in Red Hat Linux 7.3 and earlier, and other operating systems, does not properly lock a temporary file when modifying /etc/passwd, which may allow local users to gain privileges via a complex race condition that uses an open file descriptor in utility programs such as chfn and chsh.
References
cve@mitre.orgftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-043.0.txt
cve@mitre.orghttp://archives.neohapsis.com/archives/bugtraq/2002-07/0357.html
cve@mitre.orghttp://archives.neohapsis.com/archives/bugtraq/2002-07/0396.html
cve@mitre.orghttp://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000523
cve@mitre.orghttp://marc.info/?l=bugtraq&m=102795787713996&w=2
cve@mitre.orghttp://online.securityfocus.com/advisories/4320
cve@mitre.orghttp://rhn.redhat.com/errata/RHSA-2002-132.htmlPatch, Vendor Advisory
cve@mitre.orghttp://www.iss.net/security_center/static/9709.php
cve@mitre.orghttp://www.kb.cert.org/vuls/id/405955Patch, Third Party Advisory, US Government Resource
cve@mitre.orghttp://www.linux-mandrake.com/en/security/2002/MDKSA-2002-047.php
cve@mitre.orghttp://www.osvdb.org/5164
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2002-137.html
cve@mitre.orghttp://www.securityfocus.com/bid/5344
af854a3a-2127-422b-91ae-364da2661108ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-043.0.txt
af854a3a-2127-422b-91ae-364da2661108http://archives.neohapsis.com/archives/bugtraq/2002-07/0357.html
af854a3a-2127-422b-91ae-364da2661108http://archives.neohapsis.com/archives/bugtraq/2002-07/0396.html
af854a3a-2127-422b-91ae-364da2661108http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000523
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=102795787713996&w=2
af854a3a-2127-422b-91ae-364da2661108http://online.securityfocus.com/advisories/4320
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2002-132.htmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.iss.net/security_center/static/9709.php
af854a3a-2127-422b-91ae-364da2661108http://www.kb.cert.org/vuls/id/405955Patch, Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-047.php
af854a3a-2127-422b-91ae-364da2661108http://www.osvdb.org/5164
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2002-137.html
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/5344
Impacted products
Vendor Product Version
mandrakesoft mandrake_single_network_firewall 7.2
hp secure_os 1.0
mandrakesoft mandrake_linux 7.0
mandrakesoft mandrake_linux 7.1
mandrakesoft mandrake_linux 7.2
mandrakesoft mandrake_linux 8.0
mandrakesoft mandrake_linux 8.0
mandrakesoft mandrake_linux 8.1
mandrakesoft mandrake_linux 8.1
mandrakesoft mandrake_linux 8.2
mandrakesoft mandrake_linux_corporate_server 1.0.1
redhat linux 6.0
redhat linux 6.0
redhat linux 6.0
redhat linux 6.1
redhat linux 6.1
redhat linux 6.1
redhat linux 6.2
redhat linux 6.2
redhat linux 6.2
redhat linux 7.0
redhat linux 7.0
redhat linux 7.1
redhat linux 7.1
redhat linux 7.1
redhat linux 7.2
redhat linux 7.2
redhat linux 7.2
redhat linux 7.3


To clipboard 

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:mandrakesoft:mandrake_single_network_firewall:7.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "7A188467-3856-4599-A2CD-BD2655974B63",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:hp:secure_os:1.0:*:linux:*:*:*:*:*",
                     matchCriteriaId: "B345284D-6842-47C0-B823-B5DDC30CC8A6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:mandrakesoft:mandrake_linux:7.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "E4853E92-5E0A-47B9-A343-D5BEE87D2C27",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:mandrakesoft:mandrake_linux:7.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "3EC1FF5D-5EAB-44D5-B281-770547C70D68",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:mandrakesoft:mandrake_linux:7.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "0A8FBD5A-2FD0-43CD-AC4B-1D6984D336FE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:mandrakesoft:mandrake_linux:8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "4371A667-18E1-4C54-B2E1-6F885F22F213",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:mandrakesoft:mandrake_linux:8.0:*:ppc:*:*:*:*:*",
                     matchCriteriaId: "5B28763D-8F4B-45E5-82FA-AB7E54C18EBF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:mandrakesoft:mandrake_linux:8.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "205EF72B-7334-4AE0-9CA6-D2E8E5910C8E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:mandrakesoft:mandrake_linux:8.1:*:ia64:*:*:*:*:*",
                     matchCriteriaId: "613A22EC-D93C-48B0-B97C-3E0DDFBD0B62",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:mandrakesoft:mandrake_linux:8.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "DEB99324-3062-426F-8E2F-44DC3A7ADB2A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:1.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "97E09AD9-F057-4264-88BB-A8A18C1B1246",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:linux:6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "2DFA94D5-0139-490C-8257-0751FE9FBAE4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:linux:6.0:*:alpha:*:*:*:*:*",
                     matchCriteriaId: "6931FB54-A163-4CE3-BBD9-D345AA0977A6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:linux:6.0:*:sparc:*:*:*:*:*",
                     matchCriteriaId: "5ABD1331-277C-4C31-8186-978243C62255",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:linux:6.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "2EC4D3AB-38FA-4D44-AF5C-2DCD15994E76",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:linux:6.1:*:alpha:*:*:*:*:*",
                     matchCriteriaId: "C89454B9-4F45-4A42-A06D-ED42D893C544",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:linux:6.1:*:sparc:*:*:*:*:*",
                     matchCriteriaId: "1E64093E-7D53-4238-95C3-48ED5A0FFD97",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:linux:6.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "0633B5A6-7A88-4A96-9462-4C09D124ED36",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:linux:6.2:*:alpha:*:*:*:*:*",
                     matchCriteriaId: "344610A8-DB6D-4407-9304-916C419F648C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:linux:6.2:*:sparc:*:*:*:*:*",
                     matchCriteriaId: "64775BEF-2E53-43CA-8639-A7E54F6F4222",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:linux:7.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "29B186E5-7C2F-466E-AA4A-8F2B618F8A14",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:linux:7.0:*:alpha:*:*:*:*:*",
                     matchCriteriaId: "FD6576E2-9F26-4857-9F28-F51899F1EF48",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:linux:7.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "1D46E093-1C68-43BB-B281-12117EC8DE0F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:linux:7.1:*:alpha:*:*:*:*:*",
                     matchCriteriaId: "7F3FAAB3-7A8A-42E5-9DCE-E4A843CED1B9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:linux:7.1:*:ia64:*:*:*:*:*",
                     matchCriteriaId: "ED36543D-C21B-4B4B-A6AD-6E19B08B5DD7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:linux:7.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "E562907F-D915-4030-847A-3C6834A80D4E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:linux:7.2:*:alpha:*:*:*:*:*",
                     matchCriteriaId: "6EAAC51F-9DC5-4026-8147-1B74975D6183",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:linux:7.2:*:ia64:*:*:*:*:*",
                     matchCriteriaId: "9D47D6FE-56A9-42CF-9A9B-AEE272C061F7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:linux:7.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "138985E6-5107-4E8B-A801-C3D5FE075227",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "setpwnam.c in the util-linux package, as included in Red Hat Linux 7.3 and earlier, and other operating systems, does not properly lock a temporary file when modifying /etc/passwd, which may allow local users to gain privileges via a complex race condition that uses an open file descriptor in utility programs such as chfn and chsh.",
      },
      {
         lang: "es",
         value: "setpwnam.c en el paquete util-linux, como se incluye en Red Hat Linux 7.3 y antieriores, y en otros sistemas operativos, no bloquea adecuadamente un fichero temporal cuando se modifica /etc/passwd, lo que puede permitir a usuarios locales ganar privilegios mediante una compleja condición de carrera que usa un descriptor de fichero abierto en utilidades como chfn y chsh.",
      },
   ],
   id: "CVE-2002-0638",
   lastModified: "2024-11-20T23:39:31.580",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "HIGH",
               accessVector: "LOCAL",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 6.2,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:L/AC:H/Au:N/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 1.9,
            impactScore: 10,
            obtainAllPrivilege: true,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2002-08-12T04:00:00.000",
   references: [
      {
         source: "cve@mitre.org",
         url: "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-043.0.txt",
      },
      {
         source: "cve@mitre.org",
         url: "http://archives.neohapsis.com/archives/bugtraq/2002-07/0357.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://archives.neohapsis.com/archives/bugtraq/2002-07/0396.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000523",
      },
      {
         source: "cve@mitre.org",
         url: "http://marc.info/?l=bugtraq&m=102795787713996&w=2",
      },
      {
         source: "cve@mitre.org",
         url: "http://online.securityfocus.com/advisories/4320",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://rhn.redhat.com/errata/RHSA-2002-132.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.iss.net/security_center/static/9709.php",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Third Party Advisory",
            "US Government Resource",
         ],
         url: "http://www.kb.cert.org/vuls/id/405955",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-047.php",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.osvdb.org/5164",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.redhat.com/support/errata/RHSA-2002-137.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.securityfocus.com/bid/5344",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-043.0.txt",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://archives.neohapsis.com/archives/bugtraq/2002-07/0357.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://archives.neohapsis.com/archives/bugtraq/2002-07/0396.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000523",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://marc.info/?l=bugtraq&m=102795787713996&w=2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://online.securityfocus.com/advisories/4320",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://rhn.redhat.com/errata/RHSA-2002-132.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.iss.net/security_center/static/9709.php",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
            "US Government Resource",
         ],
         url: "http://www.kb.cert.org/vuls/id/405955",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-047.php",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.osvdb.org/5164",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.redhat.com/support/errata/RHSA-2002-137.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/5344",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}