Vulnerabilites related to mandrakesoft - mandrake_single_network_firewall
Vulnerability from fkie_nvd
Published
2002-03-15 05:00
Modified
2024-11-20 23:38
Severity ?
Summary
Off-by-one error in the channel code of OpenSSH 2.0 through 3.0.2 allows local users or remote malicious servers to gain privileges.
References
cve@mitre.orgftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:13.openssh.ascBroken Link
cve@mitre.orgftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-004.txt.ascBroken Link
cve@mitre.orgftp://stage.caldera.com/pub/security/openserver/CSSA-2002-SCO.10/CSSA-2002-SCO.10.txtBroken Link
cve@mitre.orgftp://stage.caldera.com/pub/security/openunix/CSSA-2002-SCO.11/CSSA-2002-SCO.11.txtBroken Link
cve@mitre.orghttp://archives.neohapsis.com/archives/bugtraq/2002-03/0108.htmlBroken Link
cve@mitre.orghttp://archives.neohapsis.com/archives/vulnwatch/2002-q1/0060.htmlBroken Link
cve@mitre.orghttp://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000467Broken Link
cve@mitre.orghttp://marc.info/?l=bugtraq&m=101552065005254&w=2Mailing List
cve@mitre.orghttp://marc.info/?l=bugtraq&m=101553908201861&w=2Mailing List
cve@mitre.orghttp://marc.info/?l=bugtraq&m=101561384821761&w=2Mailing List
cve@mitre.orghttp://marc.info/?l=bugtraq&m=101586991827622&w=2Mailing List, Patch
cve@mitre.orghttp://online.securityfocus.com/advisories/3960Broken Link, Third Party Advisory, VDB Entry
cve@mitre.orghttp://online.securityfocus.com/archive/1/264657Broken Link, Third Party Advisory, VDB Entry
cve@mitre.orghttp://www.calderasystems.com/support/security/advisories/CSSA-2002-012.0.txtBroken Link
cve@mitre.orghttp://www.debian.org/security/2002/dsa-119Broken Link, Vendor Advisory
cve@mitre.orghttp://www.iss.net/security_center/static/8383.phpBroken Link
cve@mitre.orghttp://www.linux-mandrake.com/en/security/2002/MDKSA-2002-019.phpBroken Link
cve@mitre.orghttp://www.linuxsecurity.com/advisories/other_advisory-1937.htmlBroken Link, Patch, Vendor Advisory
cve@mitre.orghttp://www.novell.com/linux/security/advisories/2002_009_openssh_txt.htmlBroken Link
cve@mitre.orghttp://www.openbsd.org/advisories/ssh_channelalloc.txtVendor Advisory
cve@mitre.orghttp://www.osvdb.org/730Broken Link
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2002-043.htmlBroken Link
cve@mitre.orghttp://www.securityfocus.com/bid/4241Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:13.openssh.ascBroken Link
af854a3a-2127-422b-91ae-364da2661108ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-004.txt.ascBroken Link
af854a3a-2127-422b-91ae-364da2661108ftp://stage.caldera.com/pub/security/openserver/CSSA-2002-SCO.10/CSSA-2002-SCO.10.txtBroken Link
af854a3a-2127-422b-91ae-364da2661108ftp://stage.caldera.com/pub/security/openunix/CSSA-2002-SCO.11/CSSA-2002-SCO.11.txtBroken Link
af854a3a-2127-422b-91ae-364da2661108http://archives.neohapsis.com/archives/bugtraq/2002-03/0108.htmlBroken Link
af854a3a-2127-422b-91ae-364da2661108http://archives.neohapsis.com/archives/vulnwatch/2002-q1/0060.htmlBroken Link
af854a3a-2127-422b-91ae-364da2661108http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000467Broken Link
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=101552065005254&w=2Mailing List
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=101553908201861&w=2Mailing List
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=101561384821761&w=2Mailing List
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=101586991827622&w=2Mailing List, Patch
af854a3a-2127-422b-91ae-364da2661108http://online.securityfocus.com/advisories/3960Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://online.securityfocus.com/archive/1/264657Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.calderasystems.com/support/security/advisories/CSSA-2002-012.0.txtBroken Link
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2002/dsa-119Broken Link, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.iss.net/security_center/static/8383.phpBroken Link
af854a3a-2127-422b-91ae-364da2661108http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-019.phpBroken Link
af854a3a-2127-422b-91ae-364da2661108http://www.linuxsecurity.com/advisories/other_advisory-1937.htmlBroken Link, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.novell.com/linux/security/advisories/2002_009_openssh_txt.htmlBroken Link
af854a3a-2127-422b-91ae-364da2661108http://www.openbsd.org/advisories/ssh_channelalloc.txtVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.osvdb.org/730Broken Link
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2002-043.htmlBroken Link
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/4241Broken Link, Third Party Advisory, VDB Entry



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:immunix:immunix:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "660CA978-FDA1-4D48-8162-9CB9243A1B7E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mandrakesoft:mandrake_single_network_firewall:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A188467-3856-4599-A2CD-BD2655974B63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "57BE3D9D-42CA-45A4-A2BB-A7154F177A45",
              "versionEndExcluding": "3.1",
              "versionStartIncluding": "2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openpkg:openpkg:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2AD28A07-6B9F-443B-88E5-7CE777012037",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:conectiva:linux:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "537A5C29-D770-4755-A6AB-8916754E14DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:conectiva:linux:5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3AC05A9-04DA-4ED3-94D8-3254384CB724",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:conectiva:linux:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCE4BBA3-7332-45EE-8C29-BE5A473B559D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:conectiva:linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "97177EF7-8FC4-4D4D-A8D9-3628AA0035FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:conectiva:linux:ecommerce:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB63DADC-A9AE-4FBA-BCCA-9714646DBD04",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:conectiva:linux:graficas:*:*:*:*:*:*:*",
              "matchCriteriaId": "99E6E71D-100E-45FA-B90A-C2F7C37E458C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:engardelinux:secure_linux:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "79A6E38E-9BC6-4CD7-ABC6-754C9DB07DB2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3EC1FF5D-5EAB-44D5-B281-770547C70D68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A8FBD5A-2FD0-43CD-AC4B-1D6984D336FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4371A667-18E1-4C54-B2E1-6F885F22F213",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:8.0:*:ppc:*:*:*:*:*",
              "matchCriteriaId": "5B28763D-8F4B-45E5-82FA-AB7E54C18EBF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "205EF72B-7334-4AE0-9CA6-D2E8E5910C8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "97E09AD9-F057-4264-88BB-A8A18C1B1246",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "29B186E5-7C2F-466E-AA4A-8F2B618F8A14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:linux:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D46E093-1C68-43BB-B281-12117EC8DE0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:linux:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E562907F-D915-4030-847A-3C6834A80D4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:suse_linux:6.4:*:i386:*:*:*:*:*",
              "matchCriteriaId": "8A206E1C-C2EC-4356-8777-B18D7069A4C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:suse_linux:6.4:*:ppc:*:*:*:*:*",
              "matchCriteriaId": "6E2FE291-1142-4627-A497-C0BB0D934A0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:suse_linux:6.4:alpha:*:*:*:*:*:*",
              "matchCriteriaId": "49BC7C7E-046C-4186-822E-9F3A2AD3577B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:suse_linux:7.0:*:i386:*:*:*:*:*",
              "matchCriteriaId": "2FE69F6F-6B17-4C87-ACA4-A2A1FB47206A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:suse_linux:7.0:*:ppc:*:*:*:*:*",
              "matchCriteriaId": "467A30EB-CB8F-4928-AC8F-F659084A9E2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:suse_linux:7.0:*:sparc:*:*:*:*:*",
              "matchCriteriaId": "714C1439-AB8E-4A8B-A783-D60E9DDC38D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:suse_linux:7.0:alpha:*:*:*:*:*:*",
              "matchCriteriaId": "62CAE5B0-4D46-4A93-A343-C8E9CB574C62",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:suse_linux:7.1:*:spa:*:*:*:*:*",
              "matchCriteriaId": "FB647A8B-ADB9-402B-96E1-45321C75731B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:suse_linux:7.1:*:sparc:*:*:*:*:*",
              "matchCriteriaId": "0944FD27-736E-4B55-8D96-9F2CA9BB9B05",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:suse_linux:7.1:*:x86:*:*:*:*:*",
              "matchCriteriaId": "373BB5AC-1F38-4D0A-97DC-08E9654403EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:suse_linux:7.1:alpha:*:*:*:*:*:*",
              "matchCriteriaId": "B5E71DA3-F4A0-46AF-92A2-E691C7A65528",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:suse_linux:7.2:*:i386:*:*:*:*:*",
              "matchCriteriaId": "1975A2DD-EB22-4ED3-8719-F78AA7F414B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:suse_linux:7.3:*:i386:*:*:*:*:*",
              "matchCriteriaId": "19F606EE-530F-4C06-82DB-52035EE03FA3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:suse_linux:7.3:*:ppc:*:*:*:*:*",
              "matchCriteriaId": "A0E896D5-0005-4E7E-895D-B202AFCE09A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:suse_linux:7.3:*:sparc:*:*:*:*:*",
              "matchCriteriaId": "5A8B313F-93C7-4558-9571-DE1111487E17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:trustix:secure_linux:1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D0DFB12-B43F-4207-A900-464A97F5124D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:trustix:secure_linux:1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "13EBB2F7-712E-4CB1-B4B4-5F0851F3D37E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:trustix:secure_linux:1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "39605B96-BAD6-45C9-BB9A-43D6E2C51ADD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Off-by-one error in the channel code of OpenSSH 2.0 through 3.0.2 allows local users or remote malicious servers to gain privileges."
    },
    {
      "lang": "es",
      "value": "Error \u0027off-by-one\u0027 en el c\u00f3digo de canal de OpenSSH 2.0 a 3.0.2 permite a usuarios locales o a servidores remotos ganar privilegios."
    }
  ],
  "id": "CVE-2002-0083",
  "lastModified": "2024-11-20T23:38:16.160",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2002-03-15T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:13.openssh.asc"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-004.txt.asc"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "ftp://stage.caldera.com/pub/security/openserver/CSSA-2002-SCO.10/CSSA-2002-SCO.10.txt"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "ftp://stage.caldera.com/pub/security/openunix/CSSA-2002-SCO.11/CSSA-2002-SCO.11.txt"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://archives.neohapsis.com/archives/bugtraq/2002-03/0108.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q1/0060.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000467"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List"
      ],
      "url": "http://marc.info/?l=bugtraq\u0026m=101552065005254\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List"
      ],
      "url": "http://marc.info/?l=bugtraq\u0026m=101553908201861\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List"
      ],
      "url": "http://marc.info/?l=bugtraq\u0026m=101561384821761\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Patch"
      ],
      "url": "http://marc.info/?l=bugtraq\u0026m=101586991827622\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://online.securityfocus.com/advisories/3960"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://online.securityfocus.com/archive/1/264657"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.calderasystems.com/support/security/advisories/CSSA-2002-012.0.txt"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "http://www.debian.org/security/2002/dsa-119"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.iss.net/security_center/static/8383.php"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-019.php"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.linuxsecurity.com/advisories/other_advisory-1937.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.novell.com/linux/security/advisories/2002_009_openssh_txt.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.openbsd.org/advisories/ssh_channelalloc.txt"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.osvdb.org/730"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2002-043.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/4241"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:13.openssh.asc"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-004.txt.asc"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "ftp://stage.caldera.com/pub/security/openserver/CSSA-2002-SCO.10/CSSA-2002-SCO.10.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "ftp://stage.caldera.com/pub/security/openunix/CSSA-2002-SCO.11/CSSA-2002-SCO.11.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://archives.neohapsis.com/archives/bugtraq/2002-03/0108.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q1/0060.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000467"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List"
      ],
      "url": "http://marc.info/?l=bugtraq\u0026m=101552065005254\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List"
      ],
      "url": "http://marc.info/?l=bugtraq\u0026m=101553908201861\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List"
      ],
      "url": "http://marc.info/?l=bugtraq\u0026m=101561384821761\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch"
      ],
      "url": "http://marc.info/?l=bugtraq\u0026m=101586991827622\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://online.securityfocus.com/advisories/3960"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://online.securityfocus.com/archive/1/264657"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.calderasystems.com/support/security/advisories/CSSA-2002-012.0.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "http://www.debian.org/security/2002/dsa-119"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.iss.net/security_center/static/8383.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-019.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.linuxsecurity.com/advisories/other_advisory-1937.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.novell.com/linux/security/advisories/2002_009_openssh_txt.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.openbsd.org/advisories/ssh_channelalloc.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.osvdb.org/730"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2002-043.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/4241"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-193"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2002-08-12 04:00
Modified
2024-11-20 23:39
Severity ?
Summary
setpwnam.c in the util-linux package, as included in Red Hat Linux 7.3 and earlier, and other operating systems, does not properly lock a temporary file when modifying /etc/passwd, which may allow local users to gain privileges via a complex race condition that uses an open file descriptor in utility programs such as chfn and chsh.
References
cve@mitre.orgftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-043.0.txt
cve@mitre.orghttp://archives.neohapsis.com/archives/bugtraq/2002-07/0357.html
cve@mitre.orghttp://archives.neohapsis.com/archives/bugtraq/2002-07/0396.html
cve@mitre.orghttp://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000523
cve@mitre.orghttp://marc.info/?l=bugtraq&m=102795787713996&w=2
cve@mitre.orghttp://online.securityfocus.com/advisories/4320
cve@mitre.orghttp://rhn.redhat.com/errata/RHSA-2002-132.htmlPatch, Vendor Advisory
cve@mitre.orghttp://www.iss.net/security_center/static/9709.php
cve@mitre.orghttp://www.kb.cert.org/vuls/id/405955Patch, Third Party Advisory, US Government Resource
cve@mitre.orghttp://www.linux-mandrake.com/en/security/2002/MDKSA-2002-047.php
cve@mitre.orghttp://www.osvdb.org/5164
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2002-137.html
cve@mitre.orghttp://www.securityfocus.com/bid/5344
af854a3a-2127-422b-91ae-364da2661108ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-043.0.txt
af854a3a-2127-422b-91ae-364da2661108http://archives.neohapsis.com/archives/bugtraq/2002-07/0357.html
af854a3a-2127-422b-91ae-364da2661108http://archives.neohapsis.com/archives/bugtraq/2002-07/0396.html
af854a3a-2127-422b-91ae-364da2661108http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000523
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=102795787713996&w=2
af854a3a-2127-422b-91ae-364da2661108http://online.securityfocus.com/advisories/4320
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2002-132.htmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.iss.net/security_center/static/9709.php
af854a3a-2127-422b-91ae-364da2661108http://www.kb.cert.org/vuls/id/405955Patch, Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-047.php
af854a3a-2127-422b-91ae-364da2661108http://www.osvdb.org/5164
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2002-137.html
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/5344



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mandrakesoft:mandrake_single_network_firewall:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A188467-3856-4599-A2CD-BD2655974B63",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:hp:secure_os:1.0:*:linux:*:*:*:*:*",
              "matchCriteriaId": "B345284D-6842-47C0-B823-B5DDC30CC8A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4853E92-5E0A-47B9-A343-D5BEE87D2C27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3EC1FF5D-5EAB-44D5-B281-770547C70D68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A8FBD5A-2FD0-43CD-AC4B-1D6984D336FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4371A667-18E1-4C54-B2E1-6F885F22F213",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:8.0:*:ppc:*:*:*:*:*",
              "matchCriteriaId": "5B28763D-8F4B-45E5-82FA-AB7E54C18EBF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "205EF72B-7334-4AE0-9CA6-D2E8E5910C8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:8.1:*:ia64:*:*:*:*:*",
              "matchCriteriaId": "613A22EC-D93C-48B0-B97C-3E0DDFBD0B62",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEB99324-3062-426F-8E2F-44DC3A7ADB2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "97E09AD9-F057-4264-88BB-A8A18C1B1246",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:linux:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DFA94D5-0139-490C-8257-0751FE9FBAE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:linux:6.0:*:alpha:*:*:*:*:*",
              "matchCriteriaId": "6931FB54-A163-4CE3-BBD9-D345AA0977A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:linux:6.0:*:sparc:*:*:*:*:*",
              "matchCriteriaId": "5ABD1331-277C-4C31-8186-978243C62255",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:linux:6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2EC4D3AB-38FA-4D44-AF5C-2DCD15994E76",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:linux:6.1:*:alpha:*:*:*:*:*",
              "matchCriteriaId": "C89454B9-4F45-4A42-A06D-ED42D893C544",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:linux:6.1:*:sparc:*:*:*:*:*",
              "matchCriteriaId": "1E64093E-7D53-4238-95C3-48ED5A0FFD97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:linux:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0633B5A6-7A88-4A96-9462-4C09D124ED36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:linux:6.2:*:alpha:*:*:*:*:*",
              "matchCriteriaId": "344610A8-DB6D-4407-9304-916C419F648C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:linux:6.2:*:sparc:*:*:*:*:*",
              "matchCriteriaId": "64775BEF-2E53-43CA-8639-A7E54F6F4222",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "29B186E5-7C2F-466E-AA4A-8F2B618F8A14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:linux:7.0:*:alpha:*:*:*:*:*",
              "matchCriteriaId": "FD6576E2-9F26-4857-9F28-F51899F1EF48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:linux:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D46E093-1C68-43BB-B281-12117EC8DE0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:linux:7.1:*:alpha:*:*:*:*:*",
              "matchCriteriaId": "7F3FAAB3-7A8A-42E5-9DCE-E4A843CED1B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:linux:7.1:*:ia64:*:*:*:*:*",
              "matchCriteriaId": "ED36543D-C21B-4B4B-A6AD-6E19B08B5DD7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:linux:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E562907F-D915-4030-847A-3C6834A80D4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:linux:7.2:*:alpha:*:*:*:*:*",
              "matchCriteriaId": "6EAAC51F-9DC5-4026-8147-1B74975D6183",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:linux:7.2:*:ia64:*:*:*:*:*",
              "matchCriteriaId": "9D47D6FE-56A9-42CF-9A9B-AEE272C061F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:linux:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "138985E6-5107-4E8B-A801-C3D5FE075227",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "setpwnam.c in the util-linux package, as included in Red Hat Linux 7.3 and earlier, and other operating systems, does not properly lock a temporary file when modifying /etc/passwd, which may allow local users to gain privileges via a complex race condition that uses an open file descriptor in utility programs such as chfn and chsh."
    },
    {
      "lang": "es",
      "value": "setpwnam.c en el paquete util-linux, como se incluye en Red Hat Linux 7.3 y antieriores, y en otros sistemas operativos, no bloquea adecuadamente un fichero temporal cuando se modifica /etc/passwd, lo que puede permitir a usuarios locales ganar privilegios mediante una compleja condici\u00f3n de carrera que usa un descriptor de fichero abierto en utilidades como chfn y chsh."
    }
  ],
  "id": "CVE-2002-0638",
  "lastModified": "2024-11-20T23:39:31.580",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 6.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 1.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2002-08-12T04:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-043.0.txt"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0357.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0396.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000523"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=102795787713996\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://online.securityfocus.com/advisories/4320"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2002-132.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.iss.net/security_center/static/9709.php"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/405955"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-047.php"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/5164"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2002-137.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/5344"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-043.0.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0357.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0396.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000523"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=102795787713996\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://online.securityfocus.com/advisories/4320"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2002-132.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.iss.net/security_center/static/9709.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/405955"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-047.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/5164"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2002-137.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/5344"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2001-11-28 05:00
Modified
2024-11-20 23:37
Severity ?
Summary
The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 through 8.0 and Linux Corporate Server 1.0.1 allows remote attackers to list the directory index of arbitrary web directories.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apache:http_server:1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "28EC1F94-04F3-490A-8324-1EB60EEBAD4B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:http_server:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "30D94958-0D13-4076-B6F0-61D505136789",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:http_server:1.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B22DA22E-54DA-46CF-B3AE-4B0900D8086A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:http_server:1.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F90F496A-5D57-448F-A46F-E15F06CBFD01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:http_server:1.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "89B58983-633F-4D20-80AE-8E7EB865CF83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:http_server:1.3.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "19C8989C-D8A6-4AE9-99B6-F2DAE5999EB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:http_server:1.3.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B6EE0E2-D608-4E72-A0E5-F407511405C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:http_server:1.3.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "33FD6791-3B84-40CA-BCF4-B5637B172F2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:http_server:1.3.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "6DDD2F69-CFD4-4DEA-B43A-1337EEFA95A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:http_server:1.3.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A80B17D-FD66-40BD-9ADC-FE7A3944A696",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:http_server:1.3.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "713ADED4-CBE5-40C3-A128-99CFABF24560",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mandrakesoft:mandrake_single_network_firewall:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A188467-3856-4599-A2CD-BD2655974B63",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3EC1FF5D-5EAB-44D5-B281-770547C70D68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B58D49AA-BBA0-4496-9A52-3D5C9DAEB58B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4371A667-18E1-4C54-B2E1-6F885F22F213",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "97E09AD9-F057-4264-88BB-A8A18C1B1246",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 through 8.0 and Linux Corporate Server 1.0.1 allows remote attackers to list the directory index of arbitrary web directories."
    }
  ],
  "id": "CVE-2001-1449",
  "lastModified": "2024-11-20T23:37:43.277",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2001-11-28T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/913704"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2001:077-2"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8029"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/913704"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2001:077-2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8029"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2001-07-18 04:00
Modified
2024-11-20 23:36
Severity ?
Summary
Squid before 2.3STABLE5 in HTTP accelerator mode does not enable access control lists (ACLs) when the httpd_accel_host and http_accel_with_proxy off settings are used, which allows attackers to bypass the ACLs and conduct unauthorized activities such as port scanning.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:caldera:openlinux_server:3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A218B67-B87B-4A5E-B9EF-EF39ADEAD9FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:immunix:immunix:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB0F79BE-8EBF-44D8-83A1-9331669BED54",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:immunix:immunix:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "660CA978-FDA1-4D48-8162-9CB9243A1B7E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:immunix:immunix:7.0_beta:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A2889C6-8DE0-4432-812A-F2A5C4A08897",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mandrakesoft:mandrake_single_network_firewall:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A188467-3856-4599-A2CD-BD2655974B63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squid:squid_web_proxy:2.3stable3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D5299EE-5CA6-4A9E-9543-BDB0ADF9ED68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squid:squid_web_proxy:2.3stable4:*:*:*:*:*:*:*",
              "matchCriteriaId": "69466E6B-CD99-4A6F-87EE-1CC430573509",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3EC1FF5D-5EAB-44D5-B281-770547C70D68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A8FBD5A-2FD0-43CD-AC4B-1D6984D336FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4371A667-18E1-4C54-B2E1-6F885F22F213",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "97E09AD9-F057-4264-88BB-A8A18C1B1246",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "29B186E5-7C2F-466E-AA4A-8F2B618F8A14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:trustix:secure_linux:1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D0DFB12-B43F-4207-A900-464A97F5124D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:trustix:secure_linux:1.01:*:*:*:*:*:*:*",
              "matchCriteriaId": "9406727E-365C-466F-8406-82B393537559",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:trustix:secure_linux:1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "13EBB2F7-712E-4CB1-B4B4-5F0851F3D37E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Squid before 2.3STABLE5 in HTTP accelerator mode does not enable access control lists (ACLs) when the httpd_accel_host and http_accel_with_proxy off settings are used, which allows attackers to bypass the ACLs and conduct unauthorized activities such as port scanning."
    }
  ],
  "id": "CVE-2001-1030",
  "lastModified": "2024-11-20T23:36:42.360",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2001-07-18T04:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://archives.neohapsis.com/archives/bugtraq/2001-07/0362.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-031-01"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.calderasystems.com/support/security/advisories/CSSA-2001-029.0.txt"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-066.php3"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2001-097.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/archive/1/197727"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6862"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://archives.neohapsis.com/archives/bugtraq/2001-07/0362.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-031-01"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.calderasystems.com/support/security/advisories/CSSA-2001-029.0.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-066.php3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2001-097.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/archive/1/197727"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6862"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2001-07-16 04:00
Modified
2024-11-20 23:36
Severity ?
Summary
slapd in OpenLDAP 1.x before 1.2.12, and 2.x before 2.0.8, allows remote attackers to cause a denial of service (crash) via an invalid Basic Encoding Rules (BER) length field.
References
cve@mitre.orghttp://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000417
cve@mitre.orghttp://www.cert.org/advisories/CA-2001-18.htmlPatch, Third Party Advisory, US Government Resource
cve@mitre.orghttp://www.debian.org/security/2001/dsa-068
cve@mitre.orghttp://www.kb.cert.org/vuls/id/935800Patch, Third Party Advisory, US Government Resource
cve@mitre.orghttp://www.linux-mandrake.com/en/security/2001/MDKSA-2001-069.php3Patch, Vendor Advisory
cve@mitre.orghttp://www.osvdb.org/1905
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2001-098.html
cve@mitre.orghttp://www.securityfocus.com/bid/3049Patch, Vendor Advisory
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/6904
af854a3a-2127-422b-91ae-364da2661108http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000417
af854a3a-2127-422b-91ae-364da2661108http://www.cert.org/advisories/CA-2001-18.htmlPatch, Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2001/dsa-068
af854a3a-2127-422b-91ae-364da2661108http://www.kb.cert.org/vuls/id/935800Patch, Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-069.php3Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.osvdb.org/1905
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2001-098.html
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/3049Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/6904



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mandrakesoft:mandrake_single_network_firewall:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A188467-3856-4599-A2CD-BD2655974B63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openldap:openldap:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "086DC60F-F530-4515-8F3D-87F30DB9B322",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openldap:openldap:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D538927-82D5-476E-9C85-2E9297316D44",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openldap:openldap:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A904832-A6D6-45D4-B07C-79ED1FE47A80",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openldap:openldap:1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BB554A4-EEC2-4E17-9F32-27A580B9E389",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openldap:openldap:1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "191DB249-6A73-4561-8CCA-565D1525CB31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openldap:openldap:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "34A5D9A5-FB1D-4ACF-846A-4DB73196122C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openldap:openldap:1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "41400CE6-FA51-435C-93F7-B31FE42F18AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openldap:openldap:1.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6022ABEB-6825-4A5F-9884-74F94C2387F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openldap:openldap:1.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2F15789-334D-460D-B5B3-FCC71087D107",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openldap:openldap:1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F77B1548-BB6D-4618-AE7B-E97F91A0AF5D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openldap:openldap:1.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7064C52-1211-42B8-BF1F-C22D800AED07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openldap:openldap:1.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1CD95826-E44A-48C6-BAAB-77A905CAE6B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openldap:openldap:1.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "FEEA6BB6-41FC-4F15-A95F-9B052F062454",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openldap:openldap:1.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E90766C1-6DBD-435C-85E1-920DAFA26D67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openldap:openldap:1.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CD13DAE-9588-4540-9183-FB80C507F985",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openldap:openldap:1.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "526366F3-52F0-4816-A356-8F39B718C048",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openldap:openldap:1.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC07AD0D-5DF9-41A4-8592-CEFF1842355D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openldap:openldap:1.2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "30017C56-42A9-4AF9-B5B3-7357E424F837",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openldap:openldap:1.2.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8A51F38-3F5A-4F6D-93EE-776B5C2FF48F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openldap:openldap:1.2.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "8DBEC27E-3220-42CE-B6CC-675F387CB506",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openldap:openldap:1.2.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "E641DFFB-CBAF-4DCF-944F-443CFF836A53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openldap:openldap:1.2.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "A552E270-5C9C-40DC-B23D-97C8D995B8FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openldap:openldap:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "552F2E25-DDB8-49A6-844A-8520696DBE5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openldap:openldap:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "03D75A36-41C4-464F-8DC4-42C841ABC087",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openldap:openldap:2.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C3EE919-D05C-4625-85FE-132F6F2B932C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openldap:openldap:2.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "20D99A58-8D7E-4586-A9BF-1DD2A1DBB8D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openldap:openldap:2.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEBA0118-545E-4D7B-B819-34D157B2BA6D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openldap:openldap:2.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "67826609-F4CA-42CB-A5D0-B4503DDE2C92",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openldap:openldap:2.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "61676BBD-95B8-44C9-BD66-79F00381BF86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openldap:openldap:2.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "719A9B1D-8E32-461F-BCD4-F72C6AD3E63E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "58B90124-0543-4226-BFF4-13CCCBCCB243",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3EC1FF5D-5EAB-44D5-B281-770547C70D68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A8FBD5A-2FD0-43CD-AC4B-1D6984D336FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4371A667-18E1-4C54-B2E1-6F885F22F213",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "97E09AD9-F057-4264-88BB-A8A18C1B1246",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:linux:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0633B5A6-7A88-4A96-9462-4C09D124ED36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "29B186E5-7C2F-466E-AA4A-8F2B618F8A14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:linux:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D46E093-1C68-43BB-B281-12117EC8DE0F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "slapd in OpenLDAP 1.x before 1.2.12, and 2.x before 2.0.8, allows remote attackers to cause a denial of service (crash) via an invalid Basic Encoding Rules (BER) length field."
    }
  ],
  "id": "CVE-2001-0977",
  "lastModified": "2024-11-20T23:36:34.800",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2001-07-16T04:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000417"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.cert.org/advisories/CA-2001-18.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2001/dsa-068"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/935800"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-069.php3"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/1905"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2001-098.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/3049"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6904"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000417"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.cert.org/advisories/CA-2001-18.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2001/dsa-068"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/935800"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-069.php3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/1905"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2001-098.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/3049"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6904"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

cve-2002-0638
Vulnerability from cvelistv5
Published
2003-04-02 05:00
Modified
2024-08-08 02:56
Severity ?
Summary
setpwnam.c in the util-linux package, as included in Red Hat Linux 7.3 and earlier, and other operating systems, does not properly lock a temporary file when modifying /etc/passwd, which may allow local users to gain privileges via a complex race condition that uses an open file descriptor in utility programs such as chfn and chsh.
References
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-043.0.txtvendor-advisory, x_refsource_CALDERA
http://www.securityfocus.com/bid/5344vdb-entry, x_refsource_BID
http://www.iss.net/security_center/static/9709.phpvdb-entry, x_refsource_XF
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-047.phpvendor-advisory, x_refsource_MANDRAKE
http://rhn.redhat.com/errata/RHSA-2002-132.htmlvendor-advisory, x_refsource_REDHAT
http://www.kb.cert.org/vuls/id/405955third-party-advisory, x_refsource_CERT-VN
http://archives.neohapsis.com/archives/bugtraq/2002-07/0357.htmlmailing-list, x_refsource_VULNWATCH
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000523vendor-advisory, x_refsource_CONECTIVA
http://online.securityfocus.com/advisories/4320vendor-advisory, x_refsource_HP
http://archives.neohapsis.com/archives/bugtraq/2002-07/0396.htmlmailing-list, x_refsource_BUGTRAQ
http://marc.info/?l=bugtraq&m=102795787713996&w=2mailing-list, x_refsource_BUGTRAQ
http://www.redhat.com/support/errata/RHSA-2002-137.htmlvendor-advisory, x_refsource_REDHAT
http://www.osvdb.org/5164vdb-entry, x_refsource_OSVDB
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T02:56:38.516Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "CSSA-2002-043.0",
            "tags": [
              "vendor-advisory",
              "x_refsource_CALDERA",
              "x_transferred"
            ],
            "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-043.0.txt"
          },
          {
            "name": "5344",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/5344"
          },
          {
            "name": "utillinux-chfn-race-condition(9709)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "http://www.iss.net/security_center/static/9709.php"
          },
          {
            "name": "MDKSA-2002:047",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRAKE",
              "x_transferred"
            ],
            "url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-047.php"
          },
          {
            "name": "RHSA-2002:132",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2002-132.html"
          },
          {
            "name": "VU#405955",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/405955"
          },
          {
            "name": "20020729 [VulnWatch] RAZOR advisory: Linux util-linux chfn local root vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_VULNWATCH",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0357.html"
          },
          {
            "name": "CLA-2002:523",
            "tags": [
              "vendor-advisory",
              "x_refsource_CONECTIVA",
              "x_transferred"
            ],
            "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000523"
          },
          {
            "name": "HPSBTL0207-054",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://online.securityfocus.com/advisories/4320"
          },
          {
            "name": "20020730 TSLSA-2002-0064 - util-linux",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0396.html"
          },
          {
            "name": "20020729 RAZOR advisory: Linux util-linux chfn local root vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=102795787713996\u0026w=2"
          },
          {
            "name": "RHSA-2002:137",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2002-137.html"
          },
          {
            "name": "5164",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/5164"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2002-07-29T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "setpwnam.c in the util-linux package, as included in Red Hat Linux 7.3 and earlier, and other operating systems, does not properly lock a temporary file when modifying /etc/passwd, which may allow local users to gain privileges via a complex race condition that uses an open file descriptor in utility programs such as chfn and chsh."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2003-03-21T00:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "CSSA-2002-043.0",
          "tags": [
            "vendor-advisory",
            "x_refsource_CALDERA"
          ],
          "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-043.0.txt"
        },
        {
          "name": "5344",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/5344"
        },
        {
          "name": "utillinux-chfn-race-condition(9709)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "http://www.iss.net/security_center/static/9709.php"
        },
        {
          "name": "MDKSA-2002:047",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRAKE"
          ],
          "url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-047.php"
        },
        {
          "name": "RHSA-2002:132",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2002-132.html"
        },
        {
          "name": "VU#405955",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/405955"
        },
        {
          "name": "20020729 [VulnWatch] RAZOR advisory: Linux util-linux chfn local root vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_VULNWATCH"
          ],
          "url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0357.html"
        },
        {
          "name": "CLA-2002:523",
          "tags": [
            "vendor-advisory",
            "x_refsource_CONECTIVA"
          ],
          "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000523"
        },
        {
          "name": "HPSBTL0207-054",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://online.securityfocus.com/advisories/4320"
        },
        {
          "name": "20020730 TSLSA-2002-0064 - util-linux",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0396.html"
        },
        {
          "name": "20020729 RAZOR advisory: Linux util-linux chfn local root vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=102795787713996\u0026w=2"
        },
        {
          "name": "RHSA-2002:137",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2002-137.html"
        },
        {
          "name": "5164",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/5164"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2002-0638",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "setpwnam.c in the util-linux package, as included in Red Hat Linux 7.3 and earlier, and other operating systems, does not properly lock a temporary file when modifying /etc/passwd, which may allow local users to gain privileges via a complex race condition that uses an open file descriptor in utility programs such as chfn and chsh."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "CSSA-2002-043.0",
              "refsource": "CALDERA",
              "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-043.0.txt"
            },
            {
              "name": "5344",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/5344"
            },
            {
              "name": "utillinux-chfn-race-condition(9709)",
              "refsource": "XF",
              "url": "http://www.iss.net/security_center/static/9709.php"
            },
            {
              "name": "MDKSA-2002:047",
              "refsource": "MANDRAKE",
              "url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-047.php"
            },
            {
              "name": "RHSA-2002:132",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2002-132.html"
            },
            {
              "name": "VU#405955",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/405955"
            },
            {
              "name": "20020729 [VulnWatch] RAZOR advisory: Linux util-linux chfn local root vulnerability",
              "refsource": "VULNWATCH",
              "url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0357.html"
            },
            {
              "name": "CLA-2002:523",
              "refsource": "CONECTIVA",
              "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000523"
            },
            {
              "name": "HPSBTL0207-054",
              "refsource": "HP",
              "url": "http://online.securityfocus.com/advisories/4320"
            },
            {
              "name": "20020730 TSLSA-2002-0064 - util-linux",
              "refsource": "BUGTRAQ",
              "url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0396.html"
            },
            {
              "name": "20020729 RAZOR advisory: Linux util-linux chfn local root vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=102795787713996\u0026w=2"
            },
            {
              "name": "RHSA-2002:137",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2002-137.html"
            },
            {
              "name": "5164",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/5164"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2002-0638",
    "datePublished": "2003-04-02T05:00:00",
    "dateReserved": "2002-06-27T00:00:00",
    "dateUpdated": "2024-08-08T02:56:38.516Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2002-0083
Vulnerability from cvelistv5
Published
2002-06-25 04:00
Modified
2024-08-08 02:35
Severity ?
Summary
Off-by-one error in the channel code of OpenSSH 2.0 through 3.0.2 allows local users or remote malicious servers to gain privileges.
References
http://archives.neohapsis.com/archives/bugtraq/2002-03/0108.htmlmailing-list, x_refsource_BUGTRAQ
ftp://stage.caldera.com/pub/security/openserver/CSSA-2002-SCO.10/CSSA-2002-SCO.10.txtvendor-advisory, x_refsource_CALDERA
http://www.osvdb.org/730vdb-entry, x_refsource_OSVDB
http://www.securityfocus.com/bid/4241vdb-entry, x_refsource_BID
http://marc.info/?l=bugtraq&m=101561384821761&w=2mailing-list, x_refsource_BUGTRAQ
ftp://stage.caldera.com/pub/security/openunix/CSSA-2002-SCO.11/CSSA-2002-SCO.11.txtvendor-advisory, x_refsource_CALDERA
http://online.securityfocus.com/advisories/3960vendor-advisory, x_refsource_HP
http://www.debian.org/security/2002/dsa-119vendor-advisory, x_refsource_DEBIAN
http://www.novell.com/linux/security/advisories/2002_009_openssh_txt.htmlvendor-advisory, x_refsource_SUSE
http://www.calderasystems.com/support/security/advisories/CSSA-2002-012.0.txtvendor-advisory, x_refsource_CALDERA
http://marc.info/?l=bugtraq&m=101586991827622&w=2mailing-list, x_refsource_BUGTRAQ
http://www.linuxsecurity.com/advisories/other_advisory-1937.htmlvendor-advisory, x_refsource_ENGARDE
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000467vendor-advisory, x_refsource_CONECTIVA
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-004.txt.ascvendor-advisory, x_refsource_NETBSD
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:13.openssh.ascvendor-advisory, x_refsource_FREEBSD
http://marc.info/?l=bugtraq&m=101553908201861&w=2mailing-list, x_refsource_BUGTRAQ
http://marc.info/?l=bugtraq&m=101552065005254&w=2mailing-list, x_refsource_BUGTRAQ
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-019.phpvendor-advisory, x_refsource_MANDRAKE
http://www.redhat.com/support/errata/RHSA-2002-043.htmlvendor-advisory, x_refsource_REDHAT
http://www.iss.net/security_center/static/8383.phpvdb-entry, x_refsource_XF
http://www.openbsd.org/advisories/ssh_channelalloc.txtx_refsource_CONFIRM
http://online.securityfocus.com/archive/1/264657mailing-list, x_refsource_BUGTRAQ
http://archives.neohapsis.com/archives/vulnwatch/2002-q1/0060.htmlmailing-list, x_refsource_VULNWATCH
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T02:35:17.574Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20020311 TSLSA-2002-0039 - openssh",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/bugtraq/2002-03/0108.html"
          },
          {
            "name": "CSSA-2002-SCO.10",
            "tags": [
              "vendor-advisory",
              "x_refsource_CALDERA",
              "x_transferred"
            ],
            "url": "ftp://stage.caldera.com/pub/security/openserver/CSSA-2002-SCO.10/CSSA-2002-SCO.10.txt"
          },
          {
            "name": "730",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/730"
          },
          {
            "name": "4241",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/4241"
          },
          {
            "name": "20020308 [OpenPKG-SA-2002.002] OpenPKG Security Advisory (openssh)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=101561384821761\u0026w=2"
          },
          {
            "name": "CSSA-2002-SCO.11",
            "tags": [
              "vendor-advisory",
              "x_refsource_CALDERA",
              "x_transferred"
            ],
            "url": "ftp://stage.caldera.com/pub/security/openunix/CSSA-2002-SCO.11/CSSA-2002-SCO.11.txt"
          },
          {
            "name": "HPSBTL0203-029",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://online.securityfocus.com/advisories/3960"
          },
          {
            "name": "DSA-119",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2002/dsa-119"
          },
          {
            "name": "SuSE-SA:2002:009",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2002_009_openssh_txt.html"
          },
          {
            "name": "CSSA-2002-012.0",
            "tags": [
              "vendor-advisory",
              "x_refsource_CALDERA",
              "x_transferred"
            ],
            "url": "http://www.calderasystems.com/support/security/advisories/CSSA-2002-012.0.txt"
          },
          {
            "name": "20020310 OpenSSH 2.9.9p2 packages for Immunix 6.2 with latest fix",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=101586991827622\u0026w=2"
          },
          {
            "name": "ESA-20020307-007",
            "tags": [
              "vendor-advisory",
              "x_refsource_ENGARDE",
              "x_transferred"
            ],
            "url": "http://www.linuxsecurity.com/advisories/other_advisory-1937.html"
          },
          {
            "name": "CLA-2002:467",
            "tags": [
              "vendor-advisory",
              "x_refsource_CONECTIVA",
              "x_transferred"
            ],
            "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000467"
          },
          {
            "name": "NetBSD-SA2002-004",
            "tags": [
              "vendor-advisory",
              "x_refsource_NETBSD",
              "x_transferred"
            ],
            "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-004.txt.asc"
          },
          {
            "name": "FreeBSD-SA-02:13",
            "tags": [
              "vendor-advisory",
              "x_refsource_FREEBSD",
              "x_transferred"
            ],
            "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:13.openssh.asc"
          },
          {
            "name": "20020307 OpenSSH Security Advisory (adv.channelalloc)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=101553908201861\u0026w=2"
          },
          {
            "name": "20020307 [PINE-CERT-20020301] OpenSSH off-by-one",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=101552065005254\u0026w=2"
          },
          {
            "name": "MDKSA-2002:019",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRAKE",
              "x_transferred"
            ],
            "url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-019.php"
          },
          {
            "name": "RHSA-2002:043",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2002-043.html"
          },
          {
            "name": "openssh-channel-error(8383)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "http://www.iss.net/security_center/static/8383.php"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.openbsd.org/advisories/ssh_channelalloc.txt"
          },
          {
            "name": "20020328 OpenSSH channel_lookup() off by one exploit",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://online.securityfocus.com/archive/1/264657"
          },
          {
            "name": "20020307 [VulnWatch] [PINE-CERT-20020301] OpenSSH off-by-one",
            "tags": [
              "mailing-list",
              "x_refsource_VULNWATCH",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q1/0060.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2002-03-07T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Off-by-one error in the channel code of OpenSSH 2.0 through 3.0.2 allows local users or remote malicious servers to gain privileges."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2002-06-16T00:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20020311 TSLSA-2002-0039 - openssh",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://archives.neohapsis.com/archives/bugtraq/2002-03/0108.html"
        },
        {
          "name": "CSSA-2002-SCO.10",
          "tags": [
            "vendor-advisory",
            "x_refsource_CALDERA"
          ],
          "url": "ftp://stage.caldera.com/pub/security/openserver/CSSA-2002-SCO.10/CSSA-2002-SCO.10.txt"
        },
        {
          "name": "730",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/730"
        },
        {
          "name": "4241",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/4241"
        },
        {
          "name": "20020308 [OpenPKG-SA-2002.002] OpenPKG Security Advisory (openssh)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=101561384821761\u0026w=2"
        },
        {
          "name": "CSSA-2002-SCO.11",
          "tags": [
            "vendor-advisory",
            "x_refsource_CALDERA"
          ],
          "url": "ftp://stage.caldera.com/pub/security/openunix/CSSA-2002-SCO.11/CSSA-2002-SCO.11.txt"
        },
        {
          "name": "HPSBTL0203-029",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://online.securityfocus.com/advisories/3960"
        },
        {
          "name": "DSA-119",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2002/dsa-119"
        },
        {
          "name": "SuSE-SA:2002:009",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2002_009_openssh_txt.html"
        },
        {
          "name": "CSSA-2002-012.0",
          "tags": [
            "vendor-advisory",
            "x_refsource_CALDERA"
          ],
          "url": "http://www.calderasystems.com/support/security/advisories/CSSA-2002-012.0.txt"
        },
        {
          "name": "20020310 OpenSSH 2.9.9p2 packages for Immunix 6.2 with latest fix",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=101586991827622\u0026w=2"
        },
        {
          "name": "ESA-20020307-007",
          "tags": [
            "vendor-advisory",
            "x_refsource_ENGARDE"
          ],
          "url": "http://www.linuxsecurity.com/advisories/other_advisory-1937.html"
        },
        {
          "name": "CLA-2002:467",
          "tags": [
            "vendor-advisory",
            "x_refsource_CONECTIVA"
          ],
          "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000467"
        },
        {
          "name": "NetBSD-SA2002-004",
          "tags": [
            "vendor-advisory",
            "x_refsource_NETBSD"
          ],
          "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-004.txt.asc"
        },
        {
          "name": "FreeBSD-SA-02:13",
          "tags": [
            "vendor-advisory",
            "x_refsource_FREEBSD"
          ],
          "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:13.openssh.asc"
        },
        {
          "name": "20020307 OpenSSH Security Advisory (adv.channelalloc)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=101553908201861\u0026w=2"
        },
        {
          "name": "20020307 [PINE-CERT-20020301] OpenSSH off-by-one",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=101552065005254\u0026w=2"
        },
        {
          "name": "MDKSA-2002:019",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRAKE"
          ],
          "url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-019.php"
        },
        {
          "name": "RHSA-2002:043",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2002-043.html"
        },
        {
          "name": "openssh-channel-error(8383)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "http://www.iss.net/security_center/static/8383.php"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.openbsd.org/advisories/ssh_channelalloc.txt"
        },
        {
          "name": "20020328 OpenSSH channel_lookup() off by one exploit",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://online.securityfocus.com/archive/1/264657"
        },
        {
          "name": "20020307 [VulnWatch] [PINE-CERT-20020301] OpenSSH off-by-one",
          "tags": [
            "mailing-list",
            "x_refsource_VULNWATCH"
          ],
          "url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q1/0060.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2002-0083",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Off-by-one error in the channel code of OpenSSH 2.0 through 3.0.2 allows local users or remote malicious servers to gain privileges."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20020311 TSLSA-2002-0039 - openssh",
              "refsource": "BUGTRAQ",
              "url": "http://archives.neohapsis.com/archives/bugtraq/2002-03/0108.html"
            },
            {
              "name": "CSSA-2002-SCO.10",
              "refsource": "CALDERA",
              "url": "ftp://stage.caldera.com/pub/security/openserver/CSSA-2002-SCO.10/CSSA-2002-SCO.10.txt"
            },
            {
              "name": "730",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/730"
            },
            {
              "name": "4241",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/4241"
            },
            {
              "name": "20020308 [OpenPKG-SA-2002.002] OpenPKG Security Advisory (openssh)",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=101561384821761\u0026w=2"
            },
            {
              "name": "CSSA-2002-SCO.11",
              "refsource": "CALDERA",
              "url": "ftp://stage.caldera.com/pub/security/openunix/CSSA-2002-SCO.11/CSSA-2002-SCO.11.txt"
            },
            {
              "name": "HPSBTL0203-029",
              "refsource": "HP",
              "url": "http://online.securityfocus.com/advisories/3960"
            },
            {
              "name": "DSA-119",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2002/dsa-119"
            },
            {
              "name": "SuSE-SA:2002:009",
              "refsource": "SUSE",
              "url": "http://www.novell.com/linux/security/advisories/2002_009_openssh_txt.html"
            },
            {
              "name": "CSSA-2002-012.0",
              "refsource": "CALDERA",
              "url": "http://www.calderasystems.com/support/security/advisories/CSSA-2002-012.0.txt"
            },
            {
              "name": "20020310 OpenSSH 2.9.9p2 packages for Immunix 6.2 with latest fix",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=101586991827622\u0026w=2"
            },
            {
              "name": "ESA-20020307-007",
              "refsource": "ENGARDE",
              "url": "http://www.linuxsecurity.com/advisories/other_advisory-1937.html"
            },
            {
              "name": "CLA-2002:467",
              "refsource": "CONECTIVA",
              "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000467"
            },
            {
              "name": "NetBSD-SA2002-004",
              "refsource": "NETBSD",
              "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-004.txt.asc"
            },
            {
              "name": "FreeBSD-SA-02:13",
              "refsource": "FREEBSD",
              "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:13.openssh.asc"
            },
            {
              "name": "20020307 OpenSSH Security Advisory (adv.channelalloc)",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=101553908201861\u0026w=2"
            },
            {
              "name": "20020307 [PINE-CERT-20020301] OpenSSH off-by-one",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=101552065005254\u0026w=2"
            },
            {
              "name": "MDKSA-2002:019",
              "refsource": "MANDRAKE",
              "url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-019.php"
            },
            {
              "name": "RHSA-2002:043",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2002-043.html"
            },
            {
              "name": "openssh-channel-error(8383)",
              "refsource": "XF",
              "url": "http://www.iss.net/security_center/static/8383.php"
            },
            {
              "name": "http://www.openbsd.org/advisories/ssh_channelalloc.txt",
              "refsource": "CONFIRM",
              "url": "http://www.openbsd.org/advisories/ssh_channelalloc.txt"
            },
            {
              "name": "20020328 OpenSSH channel_lookup() off by one exploit",
              "refsource": "BUGTRAQ",
              "url": "http://online.securityfocus.com/archive/1/264657"
            },
            {
              "name": "20020307 [VulnWatch] [PINE-CERT-20020301] OpenSSH off-by-one",
              "refsource": "VULNWATCH",
              "url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q1/0060.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2002-0083",
    "datePublished": "2002-06-25T04:00:00",
    "dateReserved": "2002-03-06T00:00:00",
    "dateUpdated": "2024-08-08T02:35:17.574Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2001-0977
Vulnerability from cvelistv5
Published
2002-06-25 04:00
Modified
2024-08-08 04:37
Severity ?
Summary
slapd in OpenLDAP 1.x before 1.2.12, and 2.x before 2.0.8, allows remote attackers to cause a denial of service (crash) via an invalid Basic Encoding Rules (BER) length field.
References
http://www.cert.org/advisories/CA-2001-18.htmlthird-party-advisory, x_refsource_CERT
http://www.osvdb.org/1905vdb-entry, x_refsource_OSVDB
http://www.redhat.com/support/errata/RHSA-2001-098.htmlvendor-advisory, x_refsource_REDHAT
http://www.debian.org/security/2001/dsa-068vendor-advisory, x_refsource_DEBIAN
http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-069.php3vendor-advisory, x_refsource_MANDRAKE
http://www.kb.cert.org/vuls/id/935800third-party-advisory, x_refsource_CERT-VN
http://www.securityfocus.com/bid/3049vdb-entry, x_refsource_BID
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000417vendor-advisory, x_refsource_CONECTIVA
https://exchange.xforce.ibmcloud.com/vulnerabilities/6904vdb-entry, x_refsource_XF
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T04:37:07.240Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "CA-2001-18",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.cert.org/advisories/CA-2001-18.html"
          },
          {
            "name": "1905",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/1905"
          },
          {
            "name": "RHSA-2001:098",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2001-098.html"
          },
          {
            "name": "DSA-068",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2001/dsa-068"
          },
          {
            "name": "MDKSA-2001:069",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRAKE",
              "x_transferred"
            ],
            "url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-069.php3"
          },
          {
            "name": "VU#935800",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/935800"
          },
          {
            "name": "3049",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/3049"
          },
          {
            "name": "CLA-2001:417",
            "tags": [
              "vendor-advisory",
              "x_refsource_CONECTIVA",
              "x_transferred"
            ],
            "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000417"
          },
          {
            "name": "openldap-ldap-protos-dos(6904)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6904"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2001-07-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "slapd in OpenLDAP 1.x before 1.2.12, and 2.x before 2.0.8, allows remote attackers to cause a denial of service (crash) via an invalid Basic Encoding Rules (BER) length field."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2002-02-06T10:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "CA-2001-18",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.cert.org/advisories/CA-2001-18.html"
        },
        {
          "name": "1905",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/1905"
        },
        {
          "name": "RHSA-2001:098",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2001-098.html"
        },
        {
          "name": "DSA-068",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2001/dsa-068"
        },
        {
          "name": "MDKSA-2001:069",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRAKE"
          ],
          "url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-069.php3"
        },
        {
          "name": "VU#935800",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/935800"
        },
        {
          "name": "3049",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/3049"
        },
        {
          "name": "CLA-2001:417",
          "tags": [
            "vendor-advisory",
            "x_refsource_CONECTIVA"
          ],
          "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000417"
        },
        {
          "name": "openldap-ldap-protos-dos(6904)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6904"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2001-0977",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "slapd in OpenLDAP 1.x before 1.2.12, and 2.x before 2.0.8, allows remote attackers to cause a denial of service (crash) via an invalid Basic Encoding Rules (BER) length field."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "CA-2001-18",
              "refsource": "CERT",
              "url": "http://www.cert.org/advisories/CA-2001-18.html"
            },
            {
              "name": "1905",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/1905"
            },
            {
              "name": "RHSA-2001:098",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2001-098.html"
            },
            {
              "name": "DSA-068",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2001/dsa-068"
            },
            {
              "name": "MDKSA-2001:069",
              "refsource": "MANDRAKE",
              "url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-069.php3"
            },
            {
              "name": "VU#935800",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/935800"
            },
            {
              "name": "3049",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/3049"
            },
            {
              "name": "CLA-2001:417",
              "refsource": "CONECTIVA",
              "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000417"
            },
            {
              "name": "openldap-ldap-protos-dos(6904)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6904"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2001-0977",
    "datePublished": "2002-06-25T04:00:00",
    "dateReserved": "2002-01-31T00:00:00",
    "dateUpdated": "2024-08-08T04:37:07.240Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2001-1030
Vulnerability from cvelistv5
Published
2002-06-25 04:00
Modified
2024-08-08 04:44
Severity ?
Summary
Squid before 2.3STABLE5 in HTTP accelerator mode does not enable access control lists (ACLs) when the httpd_accel_host and http_accel_with_proxy off settings are used, which allows attackers to bypass the ACLs and conduct unauthorized activities such as port scanning.
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T04:44:06.644Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20010718 Squid httpd acceleration acl bug enables portscanning",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/197727"
          },
          {
            "name": "squid-http-accelerator-portscanning(6862)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6862"
          },
          {
            "name": "RHSA-2001:097",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2001-097.html"
          },
          {
            "name": "IMNX-2001-70-031-01",
            "tags": [
              "vendor-advisory",
              "x_refsource_IMMUNIX",
              "x_transferred"
            ],
            "url": "http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-031-01"
          },
          {
            "name": "MDKSA-2001:066",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRAKE",
              "x_transferred"
            ],
            "url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-066.php3"
          },
          {
            "name": "CSSA-2001-029.0",
            "tags": [
              "vendor-advisory",
              "x_refsource_CALDERA",
              "x_transferred"
            ],
            "url": "http://www.calderasystems.com/support/security/advisories/CSSA-2001-029.0.txt"
          },
          {
            "name": "20010719 TSLSA-2001-0013 - Squid",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/bugtraq/2001-07/0362.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2001-07-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Squid before 2.3STABLE5 in HTTP accelerator mode does not enable access control lists (ACLs) when the httpd_accel_host and http_accel_with_proxy off settings are used, which allows attackers to bypass the ACLs and conduct unauthorized activities such as port scanning."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2002-02-06T10:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20010718 Squid httpd acceleration acl bug enables portscanning",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/197727"
        },
        {
          "name": "squid-http-accelerator-portscanning(6862)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6862"
        },
        {
          "name": "RHSA-2001:097",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2001-097.html"
        },
        {
          "name": "IMNX-2001-70-031-01",
          "tags": [
            "vendor-advisory",
            "x_refsource_IMMUNIX"
          ],
          "url": "http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-031-01"
        },
        {
          "name": "MDKSA-2001:066",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRAKE"
          ],
          "url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-066.php3"
        },
        {
          "name": "CSSA-2001-029.0",
          "tags": [
            "vendor-advisory",
            "x_refsource_CALDERA"
          ],
          "url": "http://www.calderasystems.com/support/security/advisories/CSSA-2001-029.0.txt"
        },
        {
          "name": "20010719 TSLSA-2001-0013 - Squid",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://archives.neohapsis.com/archives/bugtraq/2001-07/0362.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2001-1030",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Squid before 2.3STABLE5 in HTTP accelerator mode does not enable access control lists (ACLs) when the httpd_accel_host and http_accel_with_proxy off settings are used, which allows attackers to bypass the ACLs and conduct unauthorized activities such as port scanning."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20010718 Squid httpd acceleration acl bug enables portscanning",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/197727"
            },
            {
              "name": "squid-http-accelerator-portscanning(6862)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6862"
            },
            {
              "name": "RHSA-2001:097",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2001-097.html"
            },
            {
              "name": "IMNX-2001-70-031-01",
              "refsource": "IMMUNIX",
              "url": "http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-031-01"
            },
            {
              "name": "MDKSA-2001:066",
              "refsource": "MANDRAKE",
              "url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-066.php3"
            },
            {
              "name": "CSSA-2001-029.0",
              "refsource": "CALDERA",
              "url": "http://www.calderasystems.com/support/security/advisories/CSSA-2001-029.0.txt"
            },
            {
              "name": "20010719 TSLSA-2001-0013 - Squid",
              "refsource": "BUGTRAQ",
              "url": "http://archives.neohapsis.com/archives/bugtraq/2001-07/0362.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2001-1030",
    "datePublished": "2002-06-25T04:00:00",
    "dateReserved": "2002-01-31T00:00:00",
    "dateUpdated": "2024-08-08T04:44:06.644Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2001-1449
Vulnerability from cvelistv5
Published
2005-04-21 04:00
Modified
2024-08-08 04:58
Severity ?
Summary
The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 through 8.0 and Linux Corporate Server 1.0.1 allows remote attackers to list the directory index of arbitrary web directories.
References
https://exchange.xforce.ibmcloud.com/vulnerabilities/8029vdb-entry, x_refsource_XF
http://www.mandriva.com/security/advisories?name=MDKSA-2001:077-2vendor-advisory, x_refsource_MANDRAKE
http://www.kb.cert.org/vuls/id/913704third-party-advisory, x_refsource_CERT-VN
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T04:58:11.321Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "mandrake-apache-browse-directories(8029)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8029"
          },
          {
            "name": "MDKSA-2001:077",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRAKE",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2001:077-2"
          },
          {
            "name": "VU#913704",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/913704"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2001-11-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 through 8.0 and Linux Corporate Server 1.0.1 allows remote attackers to list the directory index of arbitrary web directories."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-10T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "mandrake-apache-browse-directories(8029)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8029"
        },
        {
          "name": "MDKSA-2001:077",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRAKE"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2001:077-2"
        },
        {
          "name": "VU#913704",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/913704"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2001-1449",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 through 8.0 and Linux Corporate Server 1.0.1 allows remote attackers to list the directory index of arbitrary web directories."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "mandrake-apache-browse-directories(8029)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8029"
            },
            {
              "name": "MDKSA-2001:077",
              "refsource": "MANDRAKE",
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2001:077-2"
            },
            {
              "name": "VU#913704",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/913704"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2001-1449",
    "datePublished": "2005-04-21T04:00:00",
    "dateReserved": "2005-04-21T00:00:00",
    "dateUpdated": "2024-08-08T04:58:11.321Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}