Vulnerabilites related to mandrakesoft - mandrake_single_network_firewall
Vulnerability from fkie_nvd
Published
2002-03-15 05:00
Modified
2024-11-20 23:38
Severity ?
Summary
Off-by-one error in the channel code of OpenSSH 2.0 through 3.0.2 allows local users or remote malicious servers to gain privileges.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
immunix | immunix | 7.0 | |
mandrakesoft | mandrake_single_network_firewall | 7.2 | |
openbsd | openssh | * | |
openpkg | openpkg | 1.0 | |
conectiva | linux | 5.0 | |
conectiva | linux | 5.1 | |
conectiva | linux | 6.0 | |
conectiva | linux | 7.0 | |
conectiva | linux | ecommerce | |
conectiva | linux | graficas | |
engardelinux | secure_linux | 1.0.1 | |
mandrakesoft | mandrake_linux | 7.1 | |
mandrakesoft | mandrake_linux | 7.2 | |
mandrakesoft | mandrake_linux | 8.0 | |
mandrakesoft | mandrake_linux | 8.0 | |
mandrakesoft | mandrake_linux | 8.1 | |
mandrakesoft | mandrake_linux_corporate_server | 1.0.1 | |
redhat | linux | 7.0 | |
redhat | linux | 7.1 | |
redhat | linux | 7.2 | |
suse | suse_linux | 6.4 | |
suse | suse_linux | 6.4 | |
suse | suse_linux | 6.4 | |
suse | suse_linux | 7.0 | |
suse | suse_linux | 7.0 | |
suse | suse_linux | 7.0 | |
suse | suse_linux | 7.0 | |
suse | suse_linux | 7.1 | |
suse | suse_linux | 7.1 | |
suse | suse_linux | 7.1 | |
suse | suse_linux | 7.1 | |
suse | suse_linux | 7.2 | |
suse | suse_linux | 7.3 | |
suse | suse_linux | 7.3 | |
suse | suse_linux | 7.3 | |
trustix | secure_linux | 1.1 | |
trustix | secure_linux | 1.2 | |
trustix | secure_linux | 1.5 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:immunix:immunix:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "660CA978-FDA1-4D48-8162-9CB9243A1B7E", "vulnerable": true }, { "criteria": "cpe:2.3:a:mandrakesoft:mandrake_single_network_firewall:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "7A188467-3856-4599-A2CD-BD2655974B63", "vulnerable": true }, { "criteria": "cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*", "matchCriteriaId": "57BE3D9D-42CA-45A4-A2BB-A7154F177A45", "versionEndExcluding": "3.1", "versionStartIncluding": "2.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:openpkg:openpkg:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "2AD28A07-6B9F-443B-88E5-7CE777012037", "vulnerable": true }, { "criteria": "cpe:2.3:o:conectiva:linux:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "537A5C29-D770-4755-A6AB-8916754E14DB", "vulnerable": true }, { "criteria": "cpe:2.3:o:conectiva:linux:5.1:*:*:*:*:*:*:*", "matchCriteriaId": "E3AC05A9-04DA-4ED3-94D8-3254384CB724", "vulnerable": true }, { "criteria": "cpe:2.3:o:conectiva:linux:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "DCE4BBA3-7332-45EE-8C29-BE5A473B559D", "vulnerable": true }, { "criteria": "cpe:2.3:o:conectiva:linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "97177EF7-8FC4-4D4D-A8D9-3628AA0035FB", "vulnerable": true }, { "criteria": "cpe:2.3:o:conectiva:linux:ecommerce:*:*:*:*:*:*:*", "matchCriteriaId": "FB63DADC-A9AE-4FBA-BCCA-9714646DBD04", "vulnerable": true }, { "criteria": "cpe:2.3:o:conectiva:linux:graficas:*:*:*:*:*:*:*", "matchCriteriaId": "99E6E71D-100E-45FA-B90A-C2F7C37E458C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:engardelinux:secure_linux:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "79A6E38E-9BC6-4CD7-ABC6-754C9DB07DB2", "vulnerable": true }, { "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "3EC1FF5D-5EAB-44D5-B281-770547C70D68", "vulnerable": true }, { "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "0A8FBD5A-2FD0-43CD-AC4B-1D6984D336FE", "vulnerable": true }, { "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "4371A667-18E1-4C54-B2E1-6F885F22F213", "vulnerable": true }, { "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:8.0:*:ppc:*:*:*:*:*", "matchCriteriaId": "5B28763D-8F4B-45E5-82FA-AB7E54C18EBF", "vulnerable": true }, { "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:8.1:*:*:*:*:*:*:*", "matchCriteriaId": "205EF72B-7334-4AE0-9CA6-D2E8E5910C8E", "vulnerable": true }, { "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "97E09AD9-F057-4264-88BB-A8A18C1B1246", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "29B186E5-7C2F-466E-AA4A-8F2B618F8A14", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:linux:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "1D46E093-1C68-43BB-B281-12117EC8DE0F", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:linux:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "E562907F-D915-4030-847A-3C6834A80D4E", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:6.4:*:i386:*:*:*:*:*", "matchCriteriaId": "8A206E1C-C2EC-4356-8777-B18D7069A4C3", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:6.4:*:ppc:*:*:*:*:*", "matchCriteriaId": "6E2FE291-1142-4627-A497-C0BB0D934A0B", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:6.4:alpha:*:*:*:*:*:*", "matchCriteriaId": "49BC7C7E-046C-4186-822E-9F3A2AD3577B", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:7.0:*:i386:*:*:*:*:*", "matchCriteriaId": "2FE69F6F-6B17-4C87-ACA4-A2A1FB47206A", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:7.0:*:ppc:*:*:*:*:*", "matchCriteriaId": "467A30EB-CB8F-4928-AC8F-F659084A9E2B", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:7.0:*:sparc:*:*:*:*:*", "matchCriteriaId": "714C1439-AB8E-4A8B-A783-D60E9DDC38D4", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:7.0:alpha:*:*:*:*:*:*", "matchCriteriaId": "62CAE5B0-4D46-4A93-A343-C8E9CB574C62", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:7.1:*:spa:*:*:*:*:*", "matchCriteriaId": "FB647A8B-ADB9-402B-96E1-45321C75731B", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:7.1:*:sparc:*:*:*:*:*", "matchCriteriaId": "0944FD27-736E-4B55-8D96-9F2CA9BB9B05", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:7.1:*:x86:*:*:*:*:*", "matchCriteriaId": "373BB5AC-1F38-4D0A-97DC-08E9654403EE", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:7.1:alpha:*:*:*:*:*:*", "matchCriteriaId": "B5E71DA3-F4A0-46AF-92A2-E691C7A65528", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:7.2:*:i386:*:*:*:*:*", "matchCriteriaId": "1975A2DD-EB22-4ED3-8719-F78AA7F414B2", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:7.3:*:i386:*:*:*:*:*", "matchCriteriaId": "19F606EE-530F-4C06-82DB-52035EE03FA3", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:7.3:*:ppc:*:*:*:*:*", "matchCriteriaId": "A0E896D5-0005-4E7E-895D-B202AFCE09A1", "vulnerable": true }, { "criteria": "cpe:2.3:o:suse:suse_linux:7.3:*:sparc:*:*:*:*:*", "matchCriteriaId": "5A8B313F-93C7-4558-9571-DE1111487E17", "vulnerable": true }, { "criteria": "cpe:2.3:o:trustix:secure_linux:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "9D0DFB12-B43F-4207-A900-464A97F5124D", "vulnerable": true }, { "criteria": "cpe:2.3:o:trustix:secure_linux:1.2:*:*:*:*:*:*:*", "matchCriteriaId": "13EBB2F7-712E-4CB1-B4B4-5F0851F3D37E", "vulnerable": true }, { "criteria": "cpe:2.3:o:trustix:secure_linux:1.5:*:*:*:*:*:*:*", "matchCriteriaId": "39605B96-BAD6-45C9-BB9A-43D6E2C51ADD", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Off-by-one error in the channel code of OpenSSH 2.0 through 3.0.2 allows local users or remote malicious servers to gain privileges." }, { "lang": "es", "value": "Error \u0027off-by-one\u0027 en el c\u00f3digo de canal de OpenSSH 2.0 a 3.0.2 permite a usuarios locales o a servidores remotos ganar privilegios." } ], "id": "CVE-2002-0083", "lastModified": "2024-11-20T23:38:16.160", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2002-03-15T05:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:13.openssh.asc" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-004.txt.asc" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "ftp://stage.caldera.com/pub/security/openserver/CSSA-2002-SCO.10/CSSA-2002-SCO.10.txt" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "ftp://stage.caldera.com/pub/security/openunix/CSSA-2002-SCO.11/CSSA-2002-SCO.11.txt" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2002-03/0108.html" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q1/0060.html" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000467" }, { "source": "cve@mitre.org", "tags": [ "Mailing List" ], "url": "http://marc.info/?l=bugtraq\u0026m=101552065005254\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Mailing List" ], "url": "http://marc.info/?l=bugtraq\u0026m=101553908201861\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Mailing List" ], "url": "http://marc.info/?l=bugtraq\u0026m=101561384821761\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Patch" ], "url": "http://marc.info/?l=bugtraq\u0026m=101586991827622\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://online.securityfocus.com/advisories/3960" }, { "source": "cve@mitre.org", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://online.securityfocus.com/archive/1/264657" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://www.calderasystems.com/support/security/advisories/CSSA-2002-012.0.txt" }, { "source": "cve@mitre.org", "tags": [ "Broken Link", "Vendor Advisory" ], "url": "http://www.debian.org/security/2002/dsa-119" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://www.iss.net/security_center/static/8383.php" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-019.php" }, { "source": "cve@mitre.org", "tags": [ "Broken Link", "Patch", "Vendor Advisory" ], "url": "http://www.linuxsecurity.com/advisories/other_advisory-1937.html" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://www.novell.com/linux/security/advisories/2002_009_openssh_txt.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.openbsd.org/advisories/ssh_channelalloc.txt" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://www.osvdb.org/730" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://www.redhat.com/support/errata/RHSA-2002-043.html" }, { "source": "cve@mitre.org", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/4241" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:13.openssh.asc" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-004.txt.asc" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "ftp://stage.caldera.com/pub/security/openserver/CSSA-2002-SCO.10/CSSA-2002-SCO.10.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "ftp://stage.caldera.com/pub/security/openunix/CSSA-2002-SCO.11/CSSA-2002-SCO.11.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2002-03/0108.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q1/0060.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000467" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List" ], "url": "http://marc.info/?l=bugtraq\u0026m=101552065005254\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List" ], "url": "http://marc.info/?l=bugtraq\u0026m=101553908201861\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List" ], "url": "http://marc.info/?l=bugtraq\u0026m=101561384821761\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch" ], "url": "http://marc.info/?l=bugtraq\u0026m=101586991827622\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://online.securityfocus.com/advisories/3960" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://online.securityfocus.com/archive/1/264657" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.calderasystems.com/support/security/advisories/CSSA-2002-012.0.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Vendor Advisory" ], "url": "http://www.debian.org/security/2002/dsa-119" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.iss.net/security_center/static/8383.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-019.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Patch", "Vendor Advisory" ], "url": "http://www.linuxsecurity.com/advisories/other_advisory-1937.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.novell.com/linux/security/advisories/2002_009_openssh_txt.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.openbsd.org/advisories/ssh_channelalloc.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.osvdb.org/730" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.redhat.com/support/errata/RHSA-2002-043.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/4241" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-193" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2002-08-12 04:00
Modified
2024-11-20 23:39
Severity ?
Summary
setpwnam.c in the util-linux package, as included in Red Hat Linux 7.3 and earlier, and other operating systems, does not properly lock a temporary file when modifying /etc/passwd, which may allow local users to gain privileges via a complex race condition that uses an open file descriptor in utility programs such as chfn and chsh.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
mandrakesoft | mandrake_single_network_firewall | 7.2 | |
hp | secure_os | 1.0 | |
mandrakesoft | mandrake_linux | 7.0 | |
mandrakesoft | mandrake_linux | 7.1 | |
mandrakesoft | mandrake_linux | 7.2 | |
mandrakesoft | mandrake_linux | 8.0 | |
mandrakesoft | mandrake_linux | 8.0 | |
mandrakesoft | mandrake_linux | 8.1 | |
mandrakesoft | mandrake_linux | 8.1 | |
mandrakesoft | mandrake_linux | 8.2 | |
mandrakesoft | mandrake_linux_corporate_server | 1.0.1 | |
redhat | linux | 6.0 | |
redhat | linux | 6.0 | |
redhat | linux | 6.0 | |
redhat | linux | 6.1 | |
redhat | linux | 6.1 | |
redhat | linux | 6.1 | |
redhat | linux | 6.2 | |
redhat | linux | 6.2 | |
redhat | linux | 6.2 | |
redhat | linux | 7.0 | |
redhat | linux | 7.0 | |
redhat | linux | 7.1 | |
redhat | linux | 7.1 | |
redhat | linux | 7.1 | |
redhat | linux | 7.2 | |
redhat | linux | 7.2 | |
redhat | linux | 7.2 | |
redhat | linux | 7.3 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mandrakesoft:mandrake_single_network_firewall:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "7A188467-3856-4599-A2CD-BD2655974B63", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:hp:secure_os:1.0:*:linux:*:*:*:*:*", "matchCriteriaId": "B345284D-6842-47C0-B823-B5DDC30CC8A6", "vulnerable": true }, { "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "E4853E92-5E0A-47B9-A343-D5BEE87D2C27", "vulnerable": true }, { "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "3EC1FF5D-5EAB-44D5-B281-770547C70D68", "vulnerable": true }, { "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "0A8FBD5A-2FD0-43CD-AC4B-1D6984D336FE", "vulnerable": true }, { "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "4371A667-18E1-4C54-B2E1-6F885F22F213", "vulnerable": true }, { "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:8.0:*:ppc:*:*:*:*:*", "matchCriteriaId": "5B28763D-8F4B-45E5-82FA-AB7E54C18EBF", "vulnerable": true }, { "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:8.1:*:*:*:*:*:*:*", "matchCriteriaId": "205EF72B-7334-4AE0-9CA6-D2E8E5910C8E", "vulnerable": true }, { "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:8.1:*:ia64:*:*:*:*:*", "matchCriteriaId": "613A22EC-D93C-48B0-B97C-3E0DDFBD0B62", "vulnerable": true }, { "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:8.2:*:*:*:*:*:*:*", "matchCriteriaId": "DEB99324-3062-426F-8E2F-44DC3A7ADB2A", "vulnerable": true }, { "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "97E09AD9-F057-4264-88BB-A8A18C1B1246", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:linux:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "2DFA94D5-0139-490C-8257-0751FE9FBAE4", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:linux:6.0:*:alpha:*:*:*:*:*", "matchCriteriaId": "6931FB54-A163-4CE3-BBD9-D345AA0977A6", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:linux:6.0:*:sparc:*:*:*:*:*", "matchCriteriaId": "5ABD1331-277C-4C31-8186-978243C62255", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:linux:6.1:*:*:*:*:*:*:*", "matchCriteriaId": "2EC4D3AB-38FA-4D44-AF5C-2DCD15994E76", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:linux:6.1:*:alpha:*:*:*:*:*", "matchCriteriaId": "C89454B9-4F45-4A42-A06D-ED42D893C544", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:linux:6.1:*:sparc:*:*:*:*:*", "matchCriteriaId": "1E64093E-7D53-4238-95C3-48ED5A0FFD97", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:linux:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "0633B5A6-7A88-4A96-9462-4C09D124ED36", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:linux:6.2:*:alpha:*:*:*:*:*", "matchCriteriaId": "344610A8-DB6D-4407-9304-916C419F648C", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:linux:6.2:*:sparc:*:*:*:*:*", "matchCriteriaId": "64775BEF-2E53-43CA-8639-A7E54F6F4222", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "29B186E5-7C2F-466E-AA4A-8F2B618F8A14", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:linux:7.0:*:alpha:*:*:*:*:*", "matchCriteriaId": "FD6576E2-9F26-4857-9F28-F51899F1EF48", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:linux:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "1D46E093-1C68-43BB-B281-12117EC8DE0F", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:linux:7.1:*:alpha:*:*:*:*:*", "matchCriteriaId": "7F3FAAB3-7A8A-42E5-9DCE-E4A843CED1B9", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:linux:7.1:*:ia64:*:*:*:*:*", "matchCriteriaId": "ED36543D-C21B-4B4B-A6AD-6E19B08B5DD7", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:linux:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "E562907F-D915-4030-847A-3C6834A80D4E", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:linux:7.2:*:alpha:*:*:*:*:*", "matchCriteriaId": "6EAAC51F-9DC5-4026-8147-1B74975D6183", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:linux:7.2:*:ia64:*:*:*:*:*", "matchCriteriaId": "9D47D6FE-56A9-42CF-9A9B-AEE272C061F7", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:linux:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "138985E6-5107-4E8B-A801-C3D5FE075227", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "setpwnam.c in the util-linux package, as included in Red Hat Linux 7.3 and earlier, and other operating systems, does not properly lock a temporary file when modifying /etc/passwd, which may allow local users to gain privileges via a complex race condition that uses an open file descriptor in utility programs such as chfn and chsh." }, { "lang": "es", "value": "setpwnam.c en el paquete util-linux, como se incluye en Red Hat Linux 7.3 y antieriores, y en otros sistemas operativos, no bloquea adecuadamente un fichero temporal cuando se modifica /etc/passwd, lo que puede permitir a usuarios locales ganar privilegios mediante una compleja condici\u00f3n de carrera que usa un descriptor de fichero abierto en utilidades como chfn y chsh." } ], "id": "CVE-2002-0638", "lastModified": "2024-11-20T23:39:31.580", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "HIGH", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 1.9, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2002-08-12T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-043.0.txt" }, { "source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0357.html" }, { "source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0396.html" }, { "source": "cve@mitre.org", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000523" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=102795787713996\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://online.securityfocus.com/advisories/4320" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2002-132.html" }, { "source": "cve@mitre.org", "url": "http://www.iss.net/security_center/static/9709.php" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/405955" }, { "source": "cve@mitre.org", "url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-047.php" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/5164" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2002-137.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/5344" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-043.0.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0357.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0396.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000523" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=102795787713996\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://online.securityfocus.com/advisories/4320" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2002-132.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.iss.net/security_center/static/9709.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/405955" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-047.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/5164" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2002-137.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/5344" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2001-11-28 05:00
Modified
2024-11-20 23:37
Severity ?
Summary
The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 through 8.0 and Linux Corporate Server 1.0.1 allows remote attackers to list the directory index of arbitrary web directories.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
apache | http_server | 1.3 | |
apache | http_server | 1.3.1 | |
apache | http_server | 1.3.3 | |
apache | http_server | 1.3.4 | |
apache | http_server | 1.3.6 | |
apache | http_server | 1.3.9 | |
apache | http_server | 1.3.11 | |
apache | http_server | 1.3.12 | |
apache | http_server | 1.3.14 | |
apache | http_server | 1.3.17 | |
apache | http_server | 1.3.18 | |
mandrakesoft | mandrake_single_network_firewall | 7.2 | |
mandrakesoft | mandrake_linux | 7.1 | |
mandrakesoft | mandrake_linux | 7.3 | |
mandrakesoft | mandrake_linux | 8.0 | |
mandrakesoft | mandrake_linux_corporate_server | 1.0.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:apache:http_server:1.3:*:*:*:*:*:*:*", "matchCriteriaId": "28EC1F94-04F3-490A-8324-1EB60EEBAD4B", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:http_server:1.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "30D94958-0D13-4076-B6F0-61D505136789", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:http_server:1.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "B22DA22E-54DA-46CF-B3AE-4B0900D8086A", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:http_server:1.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "F90F496A-5D57-448F-A46F-E15F06CBFD01", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:http_server:1.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "89B58983-633F-4D20-80AE-8E7EB865CF83", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:http_server:1.3.9:*:*:*:*:*:*:*", "matchCriteriaId": "19C8989C-D8A6-4AE9-99B6-F2DAE5999EB6", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:http_server:1.3.11:*:*:*:*:*:*:*", "matchCriteriaId": "7B6EE0E2-D608-4E72-A0E5-F407511405C2", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:http_server:1.3.12:*:*:*:*:*:*:*", "matchCriteriaId": "33FD6791-3B84-40CA-BCF4-B5637B172F2A", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:http_server:1.3.14:*:*:*:*:*:*:*", "matchCriteriaId": "6DDD2F69-CFD4-4DEA-B43A-1337EEFA95A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:http_server:1.3.17:*:*:*:*:*:*:*", "matchCriteriaId": "0A80B17D-FD66-40BD-9ADC-FE7A3944A696", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:http_server:1.3.18:*:*:*:*:*:*:*", "matchCriteriaId": "713ADED4-CBE5-40C3-A128-99CFABF24560", "vulnerable": true }, { "criteria": "cpe:2.3:a:mandrakesoft:mandrake_single_network_firewall:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "7A188467-3856-4599-A2CD-BD2655974B63", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "3EC1FF5D-5EAB-44D5-B281-770547C70D68", "vulnerable": true }, { "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "B58D49AA-BBA0-4496-9A52-3D5C9DAEB58B", "vulnerable": true }, { "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "4371A667-18E1-4C54-B2E1-6F885F22F213", "vulnerable": true }, { "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "97E09AD9-F057-4264-88BB-A8A18C1B1246", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 through 8.0 and Linux Corporate Server 1.0.1 allows remote attackers to list the directory index of arbitrary web directories." } ], "id": "CVE-2001-1449", "lastModified": "2024-11-20T23:37:43.277", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2001-11-28T05:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/913704" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2001:077-2" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8029" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/913704" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2001:077-2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8029" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2001-07-18 04:00
Modified
2024-11-20 23:36
Severity ?
Summary
Squid before 2.3STABLE5 in HTTP accelerator mode does not enable access control lists (ACLs) when the httpd_accel_host and http_accel_with_proxy off settings are used, which allows attackers to bypass the ACLs and conduct unauthorized activities such as port scanning.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
caldera | openlinux_server | 3.1 | |
immunix | immunix | 6.2 | |
immunix | immunix | 7.0 | |
immunix | immunix | 7.0_beta | |
mandrakesoft | mandrake_single_network_firewall | 7.2 | |
squid | squid_web_proxy | 2.3stable3 | |
squid | squid_web_proxy | 2.3stable4 | |
mandrakesoft | mandrake_linux | 7.1 | |
mandrakesoft | mandrake_linux | 7.2 | |
mandrakesoft | mandrake_linux | 8.0 | |
mandrakesoft | mandrake_linux_corporate_server | 1.0.1 | |
redhat | linux | 7.0 | |
trustix | secure_linux | 1.1 | |
trustix | secure_linux | 1.01 | |
trustix | secure_linux | 1.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:caldera:openlinux_server:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "0A218B67-B87B-4A5E-B9EF-EF39ADEAD9FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:immunix:immunix:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "DB0F79BE-8EBF-44D8-83A1-9331669BED54", "vulnerable": true }, { "criteria": "cpe:2.3:a:immunix:immunix:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "660CA978-FDA1-4D48-8162-9CB9243A1B7E", "vulnerable": true }, { "criteria": "cpe:2.3:a:immunix:immunix:7.0_beta:*:*:*:*:*:*:*", "matchCriteriaId": "1A2889C6-8DE0-4432-812A-F2A5C4A08897", "vulnerable": true }, { "criteria": "cpe:2.3:a:mandrakesoft:mandrake_single_network_firewall:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "7A188467-3856-4599-A2CD-BD2655974B63", "vulnerable": true }, { "criteria": "cpe:2.3:a:squid:squid_web_proxy:2.3stable3:*:*:*:*:*:*:*", "matchCriteriaId": "1D5299EE-5CA6-4A9E-9543-BDB0ADF9ED68", "vulnerable": true }, { "criteria": "cpe:2.3:a:squid:squid_web_proxy:2.3stable4:*:*:*:*:*:*:*", "matchCriteriaId": "69466E6B-CD99-4A6F-87EE-1CC430573509", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "3EC1FF5D-5EAB-44D5-B281-770547C70D68", "vulnerable": true }, { "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "0A8FBD5A-2FD0-43CD-AC4B-1D6984D336FE", "vulnerable": true }, { "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "4371A667-18E1-4C54-B2E1-6F885F22F213", "vulnerable": true }, { "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "97E09AD9-F057-4264-88BB-A8A18C1B1246", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "29B186E5-7C2F-466E-AA4A-8F2B618F8A14", "vulnerable": true }, { "criteria": "cpe:2.3:o:trustix:secure_linux:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "9D0DFB12-B43F-4207-A900-464A97F5124D", "vulnerable": true }, { "criteria": "cpe:2.3:o:trustix:secure_linux:1.01:*:*:*:*:*:*:*", "matchCriteriaId": "9406727E-365C-466F-8406-82B393537559", "vulnerable": true }, { "criteria": "cpe:2.3:o:trustix:secure_linux:1.2:*:*:*:*:*:*:*", "matchCriteriaId": "13EBB2F7-712E-4CB1-B4B4-5F0851F3D37E", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Squid before 2.3STABLE5 in HTTP accelerator mode does not enable access control lists (ACLs) when the httpd_accel_host and http_accel_with_proxy off settings are used, which allows attackers to bypass the ACLs and conduct unauthorized activities such as port scanning." } ], "id": "CVE-2001-1030", "lastModified": "2024-11-20T23:36:42.360", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2001-07-18T04:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2001-07/0362.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-031-01" }, { "source": "cve@mitre.org", "url": "http://www.calderasystems.com/support/security/advisories/CSSA-2001-029.0.txt" }, { "source": "cve@mitre.org", "url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-066.php3" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2001-097.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/archive/1/197727" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6862" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2001-07/0362.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-031-01" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.calderasystems.com/support/security/advisories/CSSA-2001-029.0.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-066.php3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2001-097.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/archive/1/197727" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6862" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2001-07-16 04:00
Modified
2024-11-20 23:36
Severity ?
Summary
slapd in OpenLDAP 1.x before 1.2.12, and 2.x before 2.0.8, allows remote attackers to cause a denial of service (crash) via an invalid Basic Encoding Rules (BER) length field.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mandrakesoft:mandrake_single_network_firewall:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "7A188467-3856-4599-A2CD-BD2655974B63", "vulnerable": true }, { "criteria": "cpe:2.3:a:openldap:openldap:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "086DC60F-F530-4515-8F3D-87F30DB9B322", "vulnerable": true }, { "criteria": "cpe:2.3:a:openldap:openldap:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "1D538927-82D5-476E-9C85-2E9297316D44", "vulnerable": true }, { "criteria": "cpe:2.3:a:openldap:openldap:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "2A904832-A6D6-45D4-B07C-79ED1FE47A80", "vulnerable": true }, { "criteria": "cpe:2.3:a:openldap:openldap:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "1BB554A4-EEC2-4E17-9F32-27A580B9E389", "vulnerable": true }, { "criteria": "cpe:2.3:a:openldap:openldap:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "191DB249-6A73-4561-8CCA-565D1525CB31", "vulnerable": true }, { "criteria": "cpe:2.3:a:openldap:openldap:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "34A5D9A5-FB1D-4ACF-846A-4DB73196122C", "vulnerable": true }, { "criteria": "cpe:2.3:a:openldap:openldap:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "41400CE6-FA51-435C-93F7-B31FE42F18AE", "vulnerable": true }, { "criteria": "cpe:2.3:a:openldap:openldap:1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "6022ABEB-6825-4A5F-9884-74F94C2387F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:openldap:openldap:1.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "D2F15789-334D-460D-B5B3-FCC71087D107", "vulnerable": true }, { "criteria": "cpe:2.3:a:openldap:openldap:1.2:*:*:*:*:*:*:*", "matchCriteriaId": "F77B1548-BB6D-4618-AE7B-E97F91A0AF5D", "vulnerable": true }, { "criteria": "cpe:2.3:a:openldap:openldap:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "B7064C52-1211-42B8-BF1F-C22D800AED07", "vulnerable": true }, { "criteria": "cpe:2.3:a:openldap:openldap:1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "1CD95826-E44A-48C6-BAAB-77A905CAE6B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:openldap:openldap:1.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "FEEA6BB6-41FC-4F15-A95F-9B052F062454", "vulnerable": true }, { "criteria": "cpe:2.3:a:openldap:openldap:1.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "E90766C1-6DBD-435C-85E1-920DAFA26D67", "vulnerable": true }, { "criteria": "cpe:2.3:a:openldap:openldap:1.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "8CD13DAE-9588-4540-9183-FB80C507F985", "vulnerable": true }, { "criteria": "cpe:2.3:a:openldap:openldap:1.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "526366F3-52F0-4816-A356-8F39B718C048", "vulnerable": true }, { "criteria": "cpe:2.3:a:openldap:openldap:1.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "AC07AD0D-5DF9-41A4-8592-CEFF1842355D", "vulnerable": true }, { "criteria": "cpe:2.3:a:openldap:openldap:1.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "30017C56-42A9-4AF9-B5B3-7357E424F837", "vulnerable": true }, { "criteria": "cpe:2.3:a:openldap:openldap:1.2.9:*:*:*:*:*:*:*", "matchCriteriaId": "C8A51F38-3F5A-4F6D-93EE-776B5C2FF48F", "vulnerable": true }, { "criteria": "cpe:2.3:a:openldap:openldap:1.2.10:*:*:*:*:*:*:*", "matchCriteriaId": "8DBEC27E-3220-42CE-B6CC-675F387CB506", "vulnerable": true }, { "criteria": "cpe:2.3:a:openldap:openldap:1.2.11:*:*:*:*:*:*:*", "matchCriteriaId": "E641DFFB-CBAF-4DCF-944F-443CFF836A53", "vulnerable": true }, { "criteria": "cpe:2.3:a:openldap:openldap:1.2.12:*:*:*:*:*:*:*", "matchCriteriaId": "A552E270-5C9C-40DC-B23D-97C8D995B8FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:openldap:openldap:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "552F2E25-DDB8-49A6-844A-8520696DBE5B", "vulnerable": true }, { "criteria": "cpe:2.3:a:openldap:openldap:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "03D75A36-41C4-464F-8DC4-42C841ABC087", "vulnerable": true }, { "criteria": "cpe:2.3:a:openldap:openldap:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "1C3EE919-D05C-4625-85FE-132F6F2B932C", "vulnerable": true }, { "criteria": "cpe:2.3:a:openldap:openldap:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "20D99A58-8D7E-4586-A9BF-1DD2A1DBB8D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:openldap:openldap:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "DEBA0118-545E-4D7B-B819-34D157B2BA6D", "vulnerable": true }, { "criteria": "cpe:2.3:a:openldap:openldap:2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "67826609-F4CA-42CB-A5D0-B4503DDE2C92", "vulnerable": true }, { "criteria": "cpe:2.3:a:openldap:openldap:2.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "61676BBD-95B8-44C9-BD66-79F00381BF86", "vulnerable": true }, { "criteria": "cpe:2.3:a:openldap:openldap:2.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "719A9B1D-8E32-461F-BCD4-F72C6AD3E63E", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:2.2:*:*:*:*:*:*:*", "matchCriteriaId": "58B90124-0543-4226-BFF4-13CCCBCCB243", "vulnerable": true }, { "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "3EC1FF5D-5EAB-44D5-B281-770547C70D68", "vulnerable": true }, { "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "0A8FBD5A-2FD0-43CD-AC4B-1D6984D336FE", "vulnerable": true }, { "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "4371A667-18E1-4C54-B2E1-6F885F22F213", "vulnerable": true }, { "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "97E09AD9-F057-4264-88BB-A8A18C1B1246", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:linux:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "0633B5A6-7A88-4A96-9462-4C09D124ED36", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "29B186E5-7C2F-466E-AA4A-8F2B618F8A14", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:linux:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "1D46E093-1C68-43BB-B281-12117EC8DE0F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "slapd in OpenLDAP 1.x before 1.2.12, and 2.x before 2.0.8, allows remote attackers to cause a denial of service (crash) via an invalid Basic Encoding Rules (BER) length field." } ], "id": "CVE-2001-0977", "lastModified": "2024-11-20T23:36:34.800", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2001-07-16T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000417" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory", "US Government Resource" ], "url": "http://www.cert.org/advisories/CA-2001-18.html" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2001/dsa-068" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/935800" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-069.php3" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/1905" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2001-098.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/3049" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6904" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000417" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory", "US Government Resource" ], "url": "http://www.cert.org/advisories/CA-2001-18.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2001/dsa-068" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/935800" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-069.php3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/1905" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2001-098.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/3049" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6904" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
cve-2002-0638
Vulnerability from cvelistv5
Published
2003-04-02 05:00
Modified
2024-08-08 02:56
Severity ?
EPSS score ?
Summary
setpwnam.c in the util-linux package, as included in Red Hat Linux 7.3 and earlier, and other operating systems, does not properly lock a temporary file when modifying /etc/passwd, which may allow local users to gain privileges via a complex race condition that uses an open file descriptor in utility programs such as chfn and chsh.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T02:56:38.516Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "CSSA-2002-043.0", "tags": [ "vendor-advisory", "x_refsource_CALDERA", "x_transferred" ], "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-043.0.txt" }, { "name": "5344", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/5344" }, { "name": "utillinux-chfn-race-condition(9709)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "http://www.iss.net/security_center/static/9709.php" }, { "name": "MDKSA-2002:047", "tags": [ "vendor-advisory", "x_refsource_MANDRAKE", "x_transferred" ], "url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-047.php" }, { "name": "RHSA-2002:132", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2002-132.html" }, { "name": "VU#405955", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/405955" }, { "name": "20020729 [VulnWatch] RAZOR advisory: Linux util-linux chfn local root vulnerability", "tags": [ "mailing-list", "x_refsource_VULNWATCH", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0357.html" }, { "name": "CLA-2002:523", "tags": [ "vendor-advisory", "x_refsource_CONECTIVA", "x_transferred" ], "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000523" }, { "name": "HPSBTL0207-054", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://online.securityfocus.com/advisories/4320" }, { "name": "20020730 TSLSA-2002-0064 - util-linux", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0396.html" }, { "name": "20020729 RAZOR advisory: Linux util-linux chfn local root vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=102795787713996\u0026w=2" }, { "name": "RHSA-2002:137", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2002-137.html" }, { "name": "5164", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/5164" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2002-07-29T00:00:00", "descriptions": [ { "lang": "en", "value": "setpwnam.c in the util-linux package, as included in Red Hat Linux 7.3 and earlier, and other operating systems, does not properly lock a temporary file when modifying /etc/passwd, which may allow local users to gain privileges via a complex race condition that uses an open file descriptor in utility programs such as chfn and chsh." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2003-03-21T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "CSSA-2002-043.0", "tags": [ "vendor-advisory", "x_refsource_CALDERA" ], "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-043.0.txt" }, { "name": "5344", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/5344" }, { "name": "utillinux-chfn-race-condition(9709)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "http://www.iss.net/security_center/static/9709.php" }, { "name": "MDKSA-2002:047", "tags": [ "vendor-advisory", "x_refsource_MANDRAKE" ], "url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-047.php" }, { "name": "RHSA-2002:132", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2002-132.html" }, { "name": "VU#405955", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/405955" }, { "name": "20020729 [VulnWatch] RAZOR advisory: Linux util-linux chfn local root vulnerability", "tags": [ "mailing-list", "x_refsource_VULNWATCH" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0357.html" }, { "name": "CLA-2002:523", "tags": [ "vendor-advisory", "x_refsource_CONECTIVA" ], "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000523" }, { "name": "HPSBTL0207-054", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://online.securityfocus.com/advisories/4320" }, { "name": "20020730 TSLSA-2002-0064 - util-linux", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0396.html" }, { "name": "20020729 RAZOR advisory: Linux util-linux chfn local root vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=102795787713996\u0026w=2" }, { "name": "RHSA-2002:137", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2002-137.html" }, { "name": "5164", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/5164" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2002-0638", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "setpwnam.c in the util-linux package, as included in Red Hat Linux 7.3 and earlier, and other operating systems, does not properly lock a temporary file when modifying /etc/passwd, which may allow local users to gain privileges via a complex race condition that uses an open file descriptor in utility programs such as chfn and chsh." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "CSSA-2002-043.0", "refsource": "CALDERA", "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-043.0.txt" }, { "name": "5344", "refsource": "BID", "url": "http://www.securityfocus.com/bid/5344" }, { "name": "utillinux-chfn-race-condition(9709)", "refsource": "XF", "url": "http://www.iss.net/security_center/static/9709.php" }, { "name": "MDKSA-2002:047", "refsource": "MANDRAKE", "url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-047.php" }, { "name": "RHSA-2002:132", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2002-132.html" }, { "name": "VU#405955", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/405955" }, { "name": "20020729 [VulnWatch] RAZOR advisory: Linux util-linux chfn local root vulnerability", "refsource": "VULNWATCH", "url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0357.html" }, { "name": "CLA-2002:523", "refsource": "CONECTIVA", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000523" }, { "name": "HPSBTL0207-054", "refsource": "HP", "url": "http://online.securityfocus.com/advisories/4320" }, { "name": "20020730 TSLSA-2002-0064 - util-linux", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0396.html" }, { "name": "20020729 RAZOR advisory: Linux util-linux chfn local root vulnerability", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=102795787713996\u0026w=2" }, { "name": "RHSA-2002:137", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2002-137.html" }, { "name": "5164", "refsource": "OSVDB", "url": "http://www.osvdb.org/5164" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2002-0638", "datePublished": "2003-04-02T05:00:00", "dateReserved": "2002-06-27T00:00:00", "dateUpdated": "2024-08-08T02:56:38.516Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2002-0083
Vulnerability from cvelistv5
Published
2002-06-25 04:00
Modified
2024-08-08 02:35
Severity ?
EPSS score ?
Summary
Off-by-one error in the channel code of OpenSSH 2.0 through 3.0.2 allows local users or remote malicious servers to gain privileges.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T02:35:17.574Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20020311 TSLSA-2002-0039 - openssh", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2002-03/0108.html" }, { "name": "CSSA-2002-SCO.10", "tags": [ "vendor-advisory", "x_refsource_CALDERA", "x_transferred" ], "url": "ftp://stage.caldera.com/pub/security/openserver/CSSA-2002-SCO.10/CSSA-2002-SCO.10.txt" }, { "name": "730", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/730" }, { "name": "4241", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/4241" }, { "name": "20020308 [OpenPKG-SA-2002.002] OpenPKG Security Advisory (openssh)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=101561384821761\u0026w=2" }, { "name": "CSSA-2002-SCO.11", "tags": [ "vendor-advisory", "x_refsource_CALDERA", "x_transferred" ], "url": "ftp://stage.caldera.com/pub/security/openunix/CSSA-2002-SCO.11/CSSA-2002-SCO.11.txt" }, { "name": "HPSBTL0203-029", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://online.securityfocus.com/advisories/3960" }, { "name": "DSA-119", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2002/dsa-119" }, { "name": "SuSE-SA:2002:009", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://www.novell.com/linux/security/advisories/2002_009_openssh_txt.html" }, { "name": "CSSA-2002-012.0", "tags": [ "vendor-advisory", "x_refsource_CALDERA", "x_transferred" ], "url": "http://www.calderasystems.com/support/security/advisories/CSSA-2002-012.0.txt" }, { "name": "20020310 OpenSSH 2.9.9p2 packages for Immunix 6.2 with latest fix", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=101586991827622\u0026w=2" }, { "name": "ESA-20020307-007", "tags": [ "vendor-advisory", "x_refsource_ENGARDE", "x_transferred" ], "url": "http://www.linuxsecurity.com/advisories/other_advisory-1937.html" }, { "name": "CLA-2002:467", "tags": [ "vendor-advisory", "x_refsource_CONECTIVA", "x_transferred" ], "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000467" }, { "name": "NetBSD-SA2002-004", "tags": [ "vendor-advisory", "x_refsource_NETBSD", "x_transferred" ], "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-004.txt.asc" }, { "name": "FreeBSD-SA-02:13", "tags": [ "vendor-advisory", "x_refsource_FREEBSD", "x_transferred" ], "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:13.openssh.asc" }, { "name": "20020307 OpenSSH Security Advisory (adv.channelalloc)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=101553908201861\u0026w=2" }, { "name": "20020307 [PINE-CERT-20020301] OpenSSH off-by-one", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=101552065005254\u0026w=2" }, { "name": "MDKSA-2002:019", "tags": [ "vendor-advisory", "x_refsource_MANDRAKE", "x_transferred" ], "url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-019.php" }, { "name": "RHSA-2002:043", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2002-043.html" }, { "name": "openssh-channel-error(8383)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "http://www.iss.net/security_center/static/8383.php" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.openbsd.org/advisories/ssh_channelalloc.txt" }, { "name": "20020328 OpenSSH channel_lookup() off by one exploit", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://online.securityfocus.com/archive/1/264657" }, { "name": "20020307 [VulnWatch] [PINE-CERT-20020301] OpenSSH off-by-one", "tags": [ "mailing-list", "x_refsource_VULNWATCH", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q1/0060.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2002-03-07T00:00:00", "descriptions": [ { "lang": "en", "value": "Off-by-one error in the channel code of OpenSSH 2.0 through 3.0.2 allows local users or remote malicious servers to gain privileges." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2002-06-16T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20020311 TSLSA-2002-0039 - openssh", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2002-03/0108.html" }, { "name": "CSSA-2002-SCO.10", "tags": [ "vendor-advisory", "x_refsource_CALDERA" ], "url": "ftp://stage.caldera.com/pub/security/openserver/CSSA-2002-SCO.10/CSSA-2002-SCO.10.txt" }, { "name": "730", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/730" }, { "name": "4241", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/4241" }, { "name": "20020308 [OpenPKG-SA-2002.002] OpenPKG Security Advisory (openssh)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=101561384821761\u0026w=2" }, { "name": "CSSA-2002-SCO.11", "tags": [ "vendor-advisory", "x_refsource_CALDERA" ], "url": "ftp://stage.caldera.com/pub/security/openunix/CSSA-2002-SCO.11/CSSA-2002-SCO.11.txt" }, { "name": "HPSBTL0203-029", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://online.securityfocus.com/advisories/3960" }, { "name": "DSA-119", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2002/dsa-119" }, { "name": "SuSE-SA:2002:009", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://www.novell.com/linux/security/advisories/2002_009_openssh_txt.html" }, { "name": "CSSA-2002-012.0", "tags": [ "vendor-advisory", "x_refsource_CALDERA" ], "url": "http://www.calderasystems.com/support/security/advisories/CSSA-2002-012.0.txt" }, { "name": "20020310 OpenSSH 2.9.9p2 packages for Immunix 6.2 with latest fix", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=101586991827622\u0026w=2" }, { "name": "ESA-20020307-007", "tags": [ "vendor-advisory", "x_refsource_ENGARDE" ], "url": "http://www.linuxsecurity.com/advisories/other_advisory-1937.html" }, { "name": "CLA-2002:467", "tags": [ "vendor-advisory", "x_refsource_CONECTIVA" ], "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000467" }, { "name": "NetBSD-SA2002-004", "tags": [ "vendor-advisory", "x_refsource_NETBSD" ], "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-004.txt.asc" }, { "name": "FreeBSD-SA-02:13", "tags": [ "vendor-advisory", "x_refsource_FREEBSD" ], "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:13.openssh.asc" }, { "name": "20020307 OpenSSH Security Advisory (adv.channelalloc)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=101553908201861\u0026w=2" }, { "name": "20020307 [PINE-CERT-20020301] OpenSSH off-by-one", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=101552065005254\u0026w=2" }, { "name": "MDKSA-2002:019", "tags": [ "vendor-advisory", "x_refsource_MANDRAKE" ], "url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-019.php" }, { "name": "RHSA-2002:043", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2002-043.html" }, { "name": "openssh-channel-error(8383)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "http://www.iss.net/security_center/static/8383.php" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.openbsd.org/advisories/ssh_channelalloc.txt" }, { "name": "20020328 OpenSSH channel_lookup() off by one exploit", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://online.securityfocus.com/archive/1/264657" }, { "name": "20020307 [VulnWatch] [PINE-CERT-20020301] OpenSSH off-by-one", "tags": [ "mailing-list", "x_refsource_VULNWATCH" ], "url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q1/0060.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2002-0083", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Off-by-one error in the channel code of OpenSSH 2.0 through 3.0.2 allows local users or remote malicious servers to gain privileges." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20020311 TSLSA-2002-0039 - openssh", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2002-03/0108.html" }, { "name": "CSSA-2002-SCO.10", "refsource": "CALDERA", "url": "ftp://stage.caldera.com/pub/security/openserver/CSSA-2002-SCO.10/CSSA-2002-SCO.10.txt" }, { "name": "730", "refsource": "OSVDB", "url": "http://www.osvdb.org/730" }, { "name": "4241", "refsource": "BID", "url": "http://www.securityfocus.com/bid/4241" }, { "name": "20020308 [OpenPKG-SA-2002.002] OpenPKG Security Advisory (openssh)", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=101561384821761\u0026w=2" }, { "name": "CSSA-2002-SCO.11", "refsource": "CALDERA", "url": "ftp://stage.caldera.com/pub/security/openunix/CSSA-2002-SCO.11/CSSA-2002-SCO.11.txt" }, { "name": "HPSBTL0203-029", "refsource": "HP", "url": "http://online.securityfocus.com/advisories/3960" }, { "name": "DSA-119", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2002/dsa-119" }, { "name": "SuSE-SA:2002:009", "refsource": "SUSE", "url": "http://www.novell.com/linux/security/advisories/2002_009_openssh_txt.html" }, { "name": "CSSA-2002-012.0", "refsource": "CALDERA", "url": "http://www.calderasystems.com/support/security/advisories/CSSA-2002-012.0.txt" }, { "name": "20020310 OpenSSH 2.9.9p2 packages for Immunix 6.2 with latest fix", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=101586991827622\u0026w=2" }, { "name": "ESA-20020307-007", "refsource": "ENGARDE", "url": "http://www.linuxsecurity.com/advisories/other_advisory-1937.html" }, { "name": "CLA-2002:467", "refsource": "CONECTIVA", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000467" }, { "name": "NetBSD-SA2002-004", "refsource": "NETBSD", "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-004.txt.asc" }, { "name": "FreeBSD-SA-02:13", "refsource": "FREEBSD", "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:13.openssh.asc" }, { "name": "20020307 OpenSSH Security Advisory (adv.channelalloc)", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=101553908201861\u0026w=2" }, { "name": "20020307 [PINE-CERT-20020301] OpenSSH off-by-one", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=101552065005254\u0026w=2" }, { "name": "MDKSA-2002:019", "refsource": "MANDRAKE", "url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-019.php" }, { "name": "RHSA-2002:043", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2002-043.html" }, { "name": "openssh-channel-error(8383)", "refsource": "XF", "url": "http://www.iss.net/security_center/static/8383.php" }, { "name": "http://www.openbsd.org/advisories/ssh_channelalloc.txt", "refsource": "CONFIRM", "url": "http://www.openbsd.org/advisories/ssh_channelalloc.txt" }, { "name": "20020328 OpenSSH channel_lookup() off by one exploit", "refsource": "BUGTRAQ", "url": "http://online.securityfocus.com/archive/1/264657" }, { "name": "20020307 [VulnWatch] [PINE-CERT-20020301] OpenSSH off-by-one", "refsource": "VULNWATCH", "url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q1/0060.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2002-0083", "datePublished": "2002-06-25T04:00:00", "dateReserved": "2002-03-06T00:00:00", "dateUpdated": "2024-08-08T02:35:17.574Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2001-0977
Vulnerability from cvelistv5
Published
2002-06-25 04:00
Modified
2024-08-08 04:37
Severity ?
EPSS score ?
Summary
slapd in OpenLDAP 1.x before 1.2.12, and 2.x before 2.0.8, allows remote attackers to cause a denial of service (crash) via an invalid Basic Encoding Rules (BER) length field.
References
▼ | URL | Tags |
---|---|---|
http://www.cert.org/advisories/CA-2001-18.html | third-party-advisory, x_refsource_CERT | |
http://www.osvdb.org/1905 | vdb-entry, x_refsource_OSVDB | |
http://www.redhat.com/support/errata/RHSA-2001-098.html | vendor-advisory, x_refsource_REDHAT | |
http://www.debian.org/security/2001/dsa-068 | vendor-advisory, x_refsource_DEBIAN | |
http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-069.php3 | vendor-advisory, x_refsource_MANDRAKE | |
http://www.kb.cert.org/vuls/id/935800 | third-party-advisory, x_refsource_CERT-VN | |
http://www.securityfocus.com/bid/3049 | vdb-entry, x_refsource_BID | |
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000417 | vendor-advisory, x_refsource_CONECTIVA | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/6904 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T04:37:07.240Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "CA-2001-18", "tags": [ "third-party-advisory", "x_refsource_CERT", "x_transferred" ], "url": "http://www.cert.org/advisories/CA-2001-18.html" }, { "name": "1905", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/1905" }, { "name": "RHSA-2001:098", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2001-098.html" }, { "name": "DSA-068", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2001/dsa-068" }, { "name": "MDKSA-2001:069", "tags": [ "vendor-advisory", "x_refsource_MANDRAKE", "x_transferred" ], "url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-069.php3" }, { "name": "VU#935800", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/935800" }, { "name": "3049", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/3049" }, { "name": "CLA-2001:417", "tags": [ "vendor-advisory", "x_refsource_CONECTIVA", "x_transferred" ], "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000417" }, { "name": "openldap-ldap-protos-dos(6904)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6904" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2001-07-16T00:00:00", "descriptions": [ { "lang": "en", "value": "slapd in OpenLDAP 1.x before 1.2.12, and 2.x before 2.0.8, allows remote attackers to cause a denial of service (crash) via an invalid Basic Encoding Rules (BER) length field." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2002-02-06T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "CA-2001-18", "tags": [ "third-party-advisory", "x_refsource_CERT" ], "url": "http://www.cert.org/advisories/CA-2001-18.html" }, { "name": "1905", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/1905" }, { "name": "RHSA-2001:098", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2001-098.html" }, { "name": "DSA-068", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2001/dsa-068" }, { "name": "MDKSA-2001:069", "tags": [ "vendor-advisory", "x_refsource_MANDRAKE" ], "url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-069.php3" }, { "name": "VU#935800", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/935800" }, { "name": "3049", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/3049" }, { "name": "CLA-2001:417", "tags": [ "vendor-advisory", "x_refsource_CONECTIVA" ], "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000417" }, { "name": "openldap-ldap-protos-dos(6904)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6904" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2001-0977", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "slapd in OpenLDAP 1.x before 1.2.12, and 2.x before 2.0.8, allows remote attackers to cause a denial of service (crash) via an invalid Basic Encoding Rules (BER) length field." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "CA-2001-18", "refsource": "CERT", "url": "http://www.cert.org/advisories/CA-2001-18.html" }, { "name": "1905", "refsource": "OSVDB", "url": "http://www.osvdb.org/1905" }, { "name": "RHSA-2001:098", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2001-098.html" }, { "name": "DSA-068", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2001/dsa-068" }, { "name": "MDKSA-2001:069", "refsource": "MANDRAKE", "url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-069.php3" }, { "name": "VU#935800", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/935800" }, { "name": "3049", "refsource": "BID", "url": "http://www.securityfocus.com/bid/3049" }, { "name": "CLA-2001:417", "refsource": "CONECTIVA", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000417" }, { "name": "openldap-ldap-protos-dos(6904)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6904" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2001-0977", "datePublished": "2002-06-25T04:00:00", "dateReserved": "2002-01-31T00:00:00", "dateUpdated": "2024-08-08T04:37:07.240Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2001-1030
Vulnerability from cvelistv5
Published
2002-06-25 04:00
Modified
2024-08-08 04:44
Severity ?
EPSS score ?
Summary
Squid before 2.3STABLE5 in HTTP accelerator mode does not enable access control lists (ACLs) when the httpd_accel_host and http_accel_with_proxy off settings are used, which allows attackers to bypass the ACLs and conduct unauthorized activities such as port scanning.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/archive/1/197727 | mailing-list, x_refsource_BUGTRAQ | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/6862 | vdb-entry, x_refsource_XF | |
http://www.redhat.com/support/errata/RHSA-2001-097.html | vendor-advisory, x_refsource_REDHAT | |
http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-031-01 | vendor-advisory, x_refsource_IMMUNIX | |
http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-066.php3 | vendor-advisory, x_refsource_MANDRAKE | |
http://www.calderasystems.com/support/security/advisories/CSSA-2001-029.0.txt | vendor-advisory, x_refsource_CALDERA | |
http://archives.neohapsis.com/archives/bugtraq/2001-07/0362.html | mailing-list, x_refsource_BUGTRAQ |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T04:44:06.644Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20010718 Squid httpd acceleration acl bug enables portscanning", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/197727" }, { "name": "squid-http-accelerator-portscanning(6862)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6862" }, { "name": "RHSA-2001:097", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2001-097.html" }, { "name": "IMNX-2001-70-031-01", "tags": [ "vendor-advisory", "x_refsource_IMMUNIX", "x_transferred" ], "url": "http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-031-01" }, { "name": "MDKSA-2001:066", "tags": [ "vendor-advisory", "x_refsource_MANDRAKE", "x_transferred" ], "url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-066.php3" }, { "name": "CSSA-2001-029.0", "tags": [ "vendor-advisory", "x_refsource_CALDERA", "x_transferred" ], "url": "http://www.calderasystems.com/support/security/advisories/CSSA-2001-029.0.txt" }, { "name": "20010719 TSLSA-2001-0013 - Squid", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2001-07/0362.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2001-07-18T00:00:00", "descriptions": [ { "lang": "en", "value": "Squid before 2.3STABLE5 in HTTP accelerator mode does not enable access control lists (ACLs) when the httpd_accel_host and http_accel_with_proxy off settings are used, which allows attackers to bypass the ACLs and conduct unauthorized activities such as port scanning." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2002-02-06T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20010718 Squid httpd acceleration acl bug enables portscanning", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/197727" }, { "name": "squid-http-accelerator-portscanning(6862)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6862" }, { "name": "RHSA-2001:097", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2001-097.html" }, { "name": "IMNX-2001-70-031-01", "tags": [ "vendor-advisory", "x_refsource_IMMUNIX" ], "url": "http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-031-01" }, { "name": "MDKSA-2001:066", "tags": [ "vendor-advisory", "x_refsource_MANDRAKE" ], "url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-066.php3" }, { "name": "CSSA-2001-029.0", "tags": [ "vendor-advisory", "x_refsource_CALDERA" ], "url": "http://www.calderasystems.com/support/security/advisories/CSSA-2001-029.0.txt" }, { "name": "20010719 TSLSA-2001-0013 - Squid", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2001-07/0362.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2001-1030", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Squid before 2.3STABLE5 in HTTP accelerator mode does not enable access control lists (ACLs) when the httpd_accel_host and http_accel_with_proxy off settings are used, which allows attackers to bypass the ACLs and conduct unauthorized activities such as port scanning." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20010718 Squid httpd acceleration acl bug enables portscanning", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/197727" }, { "name": "squid-http-accelerator-portscanning(6862)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6862" }, { "name": "RHSA-2001:097", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2001-097.html" }, { "name": "IMNX-2001-70-031-01", "refsource": "IMMUNIX", "url": "http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-031-01" }, { "name": "MDKSA-2001:066", "refsource": "MANDRAKE", "url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-066.php3" }, { "name": "CSSA-2001-029.0", "refsource": "CALDERA", "url": "http://www.calderasystems.com/support/security/advisories/CSSA-2001-029.0.txt" }, { "name": "20010719 TSLSA-2001-0013 - Squid", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2001-07/0362.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2001-1030", "datePublished": "2002-06-25T04:00:00", "dateReserved": "2002-01-31T00:00:00", "dateUpdated": "2024-08-08T04:44:06.644Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2001-1449
Vulnerability from cvelistv5
Published
2005-04-21 04:00
Modified
2024-08-08 04:58
Severity ?
EPSS score ?
Summary
The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 through 8.0 and Linux Corporate Server 1.0.1 allows remote attackers to list the directory index of arbitrary web directories.
References
▼ | URL | Tags |
---|---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/8029 | vdb-entry, x_refsource_XF | |
http://www.mandriva.com/security/advisories?name=MDKSA-2001:077-2 | vendor-advisory, x_refsource_MANDRAKE | |
http://www.kb.cert.org/vuls/id/913704 | third-party-advisory, x_refsource_CERT-VN |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T04:58:11.321Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "mandrake-apache-browse-directories(8029)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8029" }, { "name": "MDKSA-2001:077", "tags": [ "vendor-advisory", "x_refsource_MANDRAKE", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2001:077-2" }, { "name": "VU#913704", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/913704" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2001-11-20T00:00:00", "descriptions": [ { "lang": "en", "value": "The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 through 8.0 and Linux Corporate Server 1.0.1 allows remote attackers to list the directory index of arbitrary web directories." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "mandrake-apache-browse-directories(8029)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8029" }, { "name": "MDKSA-2001:077", "tags": [ "vendor-advisory", "x_refsource_MANDRAKE" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2001:077-2" }, { "name": "VU#913704", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/913704" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2001-1449", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 through 8.0 and Linux Corporate Server 1.0.1 allows remote attackers to list the directory index of arbitrary web directories." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "mandrake-apache-browse-directories(8029)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8029" }, { "name": "MDKSA-2001:077", "refsource": "MANDRAKE", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2001:077-2" }, { "name": "VU#913704", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/913704" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2001-1449", "datePublished": "2005-04-21T04:00:00", "dateReserved": "2005-04-21T00:00:00", "dateUpdated": "2024-08-08T04:58:11.321Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }