Search criteria

18 vulnerabilities found for secure_os by hp

CVE-2001-1563 (GCVE-0-2001-1563)

Vulnerability from cvelistv5 – Published: 2005-07-14 04:00 – Updated: 2024-08-08 04:58
VLAI?
Summary
Unknown vulnerability in Tomcat 3.2.1 running on HP Secure OS for Linux 1.0 allows attackers to access servlet resources. NOTE: due to the vagueness of the vendor advisory, it is not clear whether this issue is already covered by other CVE identifiers.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T04:58:11.400Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "tomcat-unspecified-unauthorized-access(42892)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42892"
          },
          {
            "name": "HPSBTL0112-004",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/hp/2001-q4/0062.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2001-12-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unknown vulnerability in Tomcat 3.2.1 running on HP Secure OS for Linux 1.0 allows attackers to access servlet resources.  NOTE: due to the vagueness of the vendor advisory, it is not clear whether this issue is already covered by other CVE identifiers."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-10T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "tomcat-unspecified-unauthorized-access(42892)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42892"
        },
        {
          "name": "HPSBTL0112-004",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://archives.neohapsis.com/archives/hp/2001-q4/0062.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2001-1563",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unknown vulnerability in Tomcat 3.2.1 running on HP Secure OS for Linux 1.0 allows attackers to access servlet resources.  NOTE: due to the vagueness of the vendor advisory, it is not clear whether this issue is already covered by other CVE identifiers."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "tomcat-unspecified-unauthorized-access(42892)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42892"
            },
            {
              "name": "HPSBTL0112-004",
              "refsource": "HP",
              "url": "http://archives.neohapsis.com/archives/hp/2001-q4/0062.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2001-1563",
    "datePublished": "2005-07-14T04:00:00",
    "dateReserved": "2005-07-14T00:00:00",
    "dateUpdated": "2024-08-08T04:58:11.400Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2001-1506 (GCVE-0-2001-1506)

Vulnerability from cvelistv5 – Published: 2005-06-21 04:00 – Updated: 2024-08-08 04:58
VLAI?
Summary
Unknown vulnerability in the file system protection subsystem in HP Secure OS Software for Linux 1.0 allows additional user privileges on some files beyond what is specified in the file system protection rules, which allows local users to conduct unauthorized operations on restricted files.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T04:58:11.626Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "3468",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/3468"
          },
          {
            "name": "hp-secure-unauth-privileges(7342)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7342"
          },
          {
            "name": "HPSBTL0110-001",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://online.securityfocus.com/advisories/3618"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2001-10-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unknown vulnerability in the file system protection subsystem in HP Secure OS Software for Linux 1.0 allows additional user privileges on some files beyond what is specified in the file system protection rules, which allows local users to conduct unauthorized operations on restricted files."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-10T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "3468",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/3468"
        },
        {
          "name": "hp-secure-unauth-privileges(7342)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7342"
        },
        {
          "name": "HPSBTL0110-001",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://online.securityfocus.com/advisories/3618"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2001-1506",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unknown vulnerability in the file system protection subsystem in HP Secure OS Software for Linux 1.0 allows additional user privileges on some files beyond what is specified in the file system protection rules, which allows local users to conduct unauthorized operations on restricted files."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "3468",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/3468"
            },
            {
              "name": "hp-secure-unauth-privileges(7342)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7342"
            },
            {
              "name": "HPSBTL0110-001",
              "refsource": "HP",
              "url": "http://online.securityfocus.com/advisories/3618"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2001-1506",
    "datePublished": "2005-06-21T04:00:00",
    "dateReserved": "2005-06-21T00:00:00",
    "dateUpdated": "2024-08-08T04:58:11.626Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2002-0835 (GCVE-0-2002-0835)

Vulnerability from cvelistv5 – Published: 2004-09-01 04:00 – Updated: 2024-08-08 03:03
VLAI?
Summary
Preboot eXecution Environment (PXE) server allows remote attackers to cause a denial of service (crash) via certain DHCP packets from Voice-Over-IP (VOIP) phones.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T03:03:49.217Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "5596",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/5596"
          },
          {
            "name": "CSSA-2002-044.0",
            "tags": [
              "vendor-advisory",
              "x_refsource_CALDERA",
              "x_transferred"
            ],
            "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-044.0.txt"
          },
          {
            "name": "pxe-dhcp-dos(10003)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "http://www.iss.net/security_center/static/10003.php"
          },
          {
            "name": "HPSBTL0209-066",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://online.securityfocus.com/advisories/4449"
          },
          {
            "name": "RHSA-2002:162",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2002-162.html"
          },
          {
            "name": "RHSA-2002:165",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2002-165.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2002-08-30T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Preboot eXecution Environment (PXE) server allows remote attackers to cause a denial of service (crash) via certain DHCP packets from Voice-Over-IP (VOIP) phones."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2002-11-14T10:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "5596",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/5596"
        },
        {
          "name": "CSSA-2002-044.0",
          "tags": [
            "vendor-advisory",
            "x_refsource_CALDERA"
          ],
          "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-044.0.txt"
        },
        {
          "name": "pxe-dhcp-dos(10003)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "http://www.iss.net/security_center/static/10003.php"
        },
        {
          "name": "HPSBTL0209-066",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://online.securityfocus.com/advisories/4449"
        },
        {
          "name": "RHSA-2002:162",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2002-162.html"
        },
        {
          "name": "RHSA-2002:165",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2002-165.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2002-0835",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Preboot eXecution Environment (PXE) server allows remote attackers to cause a denial of service (crash) via certain DHCP packets from Voice-Over-IP (VOIP) phones."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "5596",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/5596"
            },
            {
              "name": "CSSA-2002-044.0",
              "refsource": "CALDERA",
              "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-044.0.txt"
            },
            {
              "name": "pxe-dhcp-dos(10003)",
              "refsource": "XF",
              "url": "http://www.iss.net/security_center/static/10003.php"
            },
            {
              "name": "HPSBTL0209-066",
              "refsource": "HP",
              "url": "http://online.securityfocus.com/advisories/4449"
            },
            {
              "name": "RHSA-2002:162",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2002-162.html"
            },
            {
              "name": "RHSA-2002:165",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2002-165.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2002-0835",
    "datePublished": "2004-09-01T04:00:00",
    "dateReserved": "2002-08-08T00:00:00",
    "dateUpdated": "2024-08-08T03:03:49.217Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2002-1232 (GCVE-0-2002-1232)

Vulnerability from cvelistv5 – Published: 2004-09-01 04:00 – Updated: 2024-08-08 03:19
VLAI?
Summary
Memory leak in ypdb_open in yp_db.c for ypserv before 2.5 in the NIS package 3.9 and earlier allows remote attackers to cause a denial of service (memory consumption) via a large number of requests for a map that does not exist.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://online.securityfocus.com/advisories/4605 vendor-advisoryx_refsource_HP
http://www.redhat.com/support/errata/RHSA-2003-229.html vendor-advisoryx_refsource_REDHAT
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA… vendor-advisoryx_refsource_CALDERA
http://www.debian.org/security/2002/dsa-180 vendor-advisoryx_refsource_DEBIAN
http://www.redhat.com/support/errata/RHSA-2002-224.html vendor-advisoryx_refsource_REDHAT
http://www.linux-mandrake.com/en/security/2002/MD… vendor-advisoryx_refsource_MANDRAKE
http://www.iss.net/security_center/static/10423.php vdb-entryx_refsource_XF
http://distro.conectiva.com.br/atualizacoes/?id=a… vendor-advisoryx_refsource_CONECTIVA
http://www.redhat.com/support/errata/RHSA-2002-223.html vendor-advisoryx_refsource_REDHAT
http://www.securityfocus.com/bid/6016 vdb-entryx_refsource_BID
http://marc.info/?l=bugtraq&m=103582692228894&w=2 mailing-listx_refsource_BUGTRAQ
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T03:19:28.137Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "HPSBTL0210-074",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://online.securityfocus.com/advisories/4605"
          },
          {
            "name": "RHSA-2003:229",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2003-229.html"
          },
          {
            "name": "CSSA-2002-054.0",
            "tags": [
              "vendor-advisory",
              "x_refsource_CALDERA",
              "x_transferred"
            ],
            "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-054.0.txt"
          },
          {
            "name": "DSA-180",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2002/dsa-180"
          },
          {
            "name": "RHSA-2002:224",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2002-224.html"
          },
          {
            "name": "MDKSA-2002:078",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRAKE",
              "x_transferred"
            ],
            "url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-078.php"
          },
          {
            "name": "ypserv-map-memory-leak(10423)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "http://www.iss.net/security_center/static/10423.php"
          },
          {
            "name": "CLA-2002:539",
            "tags": [
              "vendor-advisory",
              "x_refsource_CONECTIVA",
              "x_transferred"
            ],
            "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000539"
          },
          {
            "name": "RHSA-2002:223",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2002-223.html"
          },
          {
            "name": "6016",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/6016"
          },
          {
            "name": "20021028 GLSA: ypserv",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=103582692228894\u0026w=2"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2002-10-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Memory leak in ypdb_open in yp_db.c for ypserv before 2.5 in the NIS package 3.9 and earlier allows remote attackers to cause a denial of service (memory consumption) via a large number of requests for a map that does not exist."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2004-08-18T00:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "HPSBTL0210-074",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://online.securityfocus.com/advisories/4605"
        },
        {
          "name": "RHSA-2003:229",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2003-229.html"
        },
        {
          "name": "CSSA-2002-054.0",
          "tags": [
            "vendor-advisory",
            "x_refsource_CALDERA"
          ],
          "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-054.0.txt"
        },
        {
          "name": "DSA-180",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2002/dsa-180"
        },
        {
          "name": "RHSA-2002:224",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2002-224.html"
        },
        {
          "name": "MDKSA-2002:078",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRAKE"
          ],
          "url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-078.php"
        },
        {
          "name": "ypserv-map-memory-leak(10423)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "http://www.iss.net/security_center/static/10423.php"
        },
        {
          "name": "CLA-2002:539",
          "tags": [
            "vendor-advisory",
            "x_refsource_CONECTIVA"
          ],
          "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000539"
        },
        {
          "name": "RHSA-2002:223",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2002-223.html"
        },
        {
          "name": "6016",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/6016"
        },
        {
          "name": "20021028 GLSA: ypserv",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=103582692228894\u0026w=2"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2002-1232",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Memory leak in ypdb_open in yp_db.c for ypserv before 2.5 in the NIS package 3.9 and earlier allows remote attackers to cause a denial of service (memory consumption) via a large number of requests for a map that does not exist."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "HPSBTL0210-074",
              "refsource": "HP",
              "url": "http://online.securityfocus.com/advisories/4605"
            },
            {
              "name": "RHSA-2003:229",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2003-229.html"
            },
            {
              "name": "CSSA-2002-054.0",
              "refsource": "CALDERA",
              "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-054.0.txt"
            },
            {
              "name": "DSA-180",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2002/dsa-180"
            },
            {
              "name": "RHSA-2002:224",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2002-224.html"
            },
            {
              "name": "MDKSA-2002:078",
              "refsource": "MANDRAKE",
              "url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-078.php"
            },
            {
              "name": "ypserv-map-memory-leak(10423)",
              "refsource": "XF",
              "url": "http://www.iss.net/security_center/static/10423.php"
            },
            {
              "name": "CLA-2002:539",
              "refsource": "CONECTIVA",
              "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000539"
            },
            {
              "name": "RHSA-2002:223",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2002-223.html"
            },
            {
              "name": "6016",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/6016"
            },
            {
              "name": "20021028 GLSA: ypserv",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=103582692228894\u0026w=2"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2002-1232",
    "datePublished": "2004-09-01T04:00:00",
    "dateReserved": "2002-10-22T00:00:00",
    "dateUpdated": "2024-08-08T03:19:28.137Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2002-0836 (GCVE-0-2002-0836)

Vulnerability from cvelistv5 – Published: 2004-09-01 04:00 – Updated: 2024-08-08 03:03
VLAI?
Summary
dvips converter for Postscript files in the tetex package calls the system() function insecurely, which allows remote attackers to execute arbitrary commands via certain print jobs, possibly involving fonts.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://marc.info/?l=bugtraq&m=103497852330838&w=2 mailing-listx_refsource_BUGTRAQ
http://www.securityfocus.com/bid/5978 vdb-entryx_refsource_BID
http://marc.info/?l=bugtraq&m=104005975415582&w=2 mailing-listx_refsource_BUGTRAQ
http://distro.conectiva.com.br/atualizacoes/?id=a… vendor-advisoryx_refsource_CONECTIVA
http://www.kb.cert.org/vuls/id/169841 third-party-advisoryx_refsource_CERT-VN
http://www.debian.org/security/2002/dsa-207 vendor-advisoryx_refsource_DEBIAN
http://www.securityfocus.com/advisories/4567 vendor-advisoryx_refsource_HP
http://www.redhat.com/support/errata/RHSA-2002-195.html vendor-advisoryx_refsource_REDHAT
http://www.iss.net/security_center/static/10365.php vdb-entryx_refsource_XF
http://www.redhat.com/support/errata/RHSA-2002-194.html vendor-advisoryx_refsource_REDHAT
http://www.linux-mandrake.com/en/security/2002/MD… vendor-advisoryx_refsource_MANDRAKE
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T03:03:49.020Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20021018 GLSA: tetex",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=103497852330838\u0026w=2"
          },
          {
            "name": "5978",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/5978"
          },
          {
            "name": "20021216 [OpenPKG-SA-2002.015] OpenPKG Security Advisory (tetex)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=104005975415582\u0026w=2"
          },
          {
            "name": "CLA-2002:537",
            "tags": [
              "vendor-advisory",
              "x_refsource_CONECTIVA",
              "x_transferred"
            ],
            "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000537"
          },
          {
            "name": "VU#169841",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/169841"
          },
          {
            "name": "DSA-207",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2002/dsa-207"
          },
          {
            "name": "HPSBTL0210-073",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/advisories/4567"
          },
          {
            "name": "RHSA-2002:195",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2002-195.html"
          },
          {
            "name": "dvips-system-execute-commands(10365)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "http://www.iss.net/security_center/static/10365.php"
          },
          {
            "name": "RHSA-2002:194",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2002-194.html"
          },
          {
            "name": "MDKSA-2002:070",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRAKE",
              "x_transferred"
            ],
            "url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-070.php"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2002-10-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "dvips converter for Postscript files in the tetex package calls the system() function insecurely, which allows remote attackers to execute arbitrary commands via certain print jobs, possibly involving fonts."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2004-07-25T00:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20021018 GLSA: tetex",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=103497852330838\u0026w=2"
        },
        {
          "name": "5978",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/5978"
        },
        {
          "name": "20021216 [OpenPKG-SA-2002.015] OpenPKG Security Advisory (tetex)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=104005975415582\u0026w=2"
        },
        {
          "name": "CLA-2002:537",
          "tags": [
            "vendor-advisory",
            "x_refsource_CONECTIVA"
          ],
          "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000537"
        },
        {
          "name": "VU#169841",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/169841"
        },
        {
          "name": "DSA-207",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2002/dsa-207"
        },
        {
          "name": "HPSBTL0210-073",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://www.securityfocus.com/advisories/4567"
        },
        {
          "name": "RHSA-2002:195",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2002-195.html"
        },
        {
          "name": "dvips-system-execute-commands(10365)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "http://www.iss.net/security_center/static/10365.php"
        },
        {
          "name": "RHSA-2002:194",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2002-194.html"
        },
        {
          "name": "MDKSA-2002:070",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRAKE"
          ],
          "url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-070.php"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2002-0836",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "dvips converter for Postscript files in the tetex package calls the system() function insecurely, which allows remote attackers to execute arbitrary commands via certain print jobs, possibly involving fonts."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20021018 GLSA: tetex",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=103497852330838\u0026w=2"
            },
            {
              "name": "5978",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/5978"
            },
            {
              "name": "20021216 [OpenPKG-SA-2002.015] OpenPKG Security Advisory (tetex)",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=104005975415582\u0026w=2"
            },
            {
              "name": "CLA-2002:537",
              "refsource": "CONECTIVA",
              "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000537"
            },
            {
              "name": "VU#169841",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/169841"
            },
            {
              "name": "DSA-207",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2002/dsa-207"
            },
            {
              "name": "HPSBTL0210-073",
              "refsource": "HP",
              "url": "http://www.securityfocus.com/advisories/4567"
            },
            {
              "name": "RHSA-2002:195",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2002-195.html"
            },
            {
              "name": "dvips-system-execute-commands(10365)",
              "refsource": "XF",
              "url": "http://www.iss.net/security_center/static/10365.php"
            },
            {
              "name": "RHSA-2002:194",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2002-194.html"
            },
            {
              "name": "MDKSA-2002:070",
              "refsource": "MANDRAKE",
              "url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-070.php"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2002-0836",
    "datePublished": "2004-09-01T04:00:00",
    "dateReserved": "2002-08-08T00:00:00",
    "dateUpdated": "2024-08-08T03:03:49.020Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2002-0638 (GCVE-0-2002-0638)

Vulnerability from cvelistv5 – Published: 2003-04-02 05:00 – Updated: 2024-08-08 02:56
VLAI?
Summary
setpwnam.c in the util-linux package, as included in Red Hat Linux 7.3 and earlier, and other operating systems, does not properly lock a temporary file when modifying /etc/passwd, which may allow local users to gain privileges via a complex race condition that uses an open file descriptor in utility programs such as chfn and chsh.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA… vendor-advisoryx_refsource_CALDERA
http://www.securityfocus.com/bid/5344 vdb-entryx_refsource_BID
http://www.iss.net/security_center/static/9709.php vdb-entryx_refsource_XF
http://www.linux-mandrake.com/en/security/2002/MD… vendor-advisoryx_refsource_MANDRAKE
http://rhn.redhat.com/errata/RHSA-2002-132.html vendor-advisoryx_refsource_REDHAT
http://www.kb.cert.org/vuls/id/405955 third-party-advisoryx_refsource_CERT-VN
http://archives.neohapsis.com/archives/bugtraq/20… mailing-listx_refsource_VULNWATCH
http://distro.conectiva.com.br/atualizacoes/?id=a… vendor-advisoryx_refsource_CONECTIVA
http://online.securityfocus.com/advisories/4320 vendor-advisoryx_refsource_HP
http://archives.neohapsis.com/archives/bugtraq/20… mailing-listx_refsource_BUGTRAQ
http://marc.info/?l=bugtraq&m=102795787713996&w=2 mailing-listx_refsource_BUGTRAQ
http://www.redhat.com/support/errata/RHSA-2002-137.html vendor-advisoryx_refsource_REDHAT
http://www.osvdb.org/5164 vdb-entryx_refsource_OSVDB
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T02:56:38.516Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "CSSA-2002-043.0",
            "tags": [
              "vendor-advisory",
              "x_refsource_CALDERA",
              "x_transferred"
            ],
            "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-043.0.txt"
          },
          {
            "name": "5344",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/5344"
          },
          {
            "name": "utillinux-chfn-race-condition(9709)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "http://www.iss.net/security_center/static/9709.php"
          },
          {
            "name": "MDKSA-2002:047",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRAKE",
              "x_transferred"
            ],
            "url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-047.php"
          },
          {
            "name": "RHSA-2002:132",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2002-132.html"
          },
          {
            "name": "VU#405955",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/405955"
          },
          {
            "name": "20020729 [VulnWatch] RAZOR advisory: Linux util-linux chfn local root vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_VULNWATCH",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0357.html"
          },
          {
            "name": "CLA-2002:523",
            "tags": [
              "vendor-advisory",
              "x_refsource_CONECTIVA",
              "x_transferred"
            ],
            "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000523"
          },
          {
            "name": "HPSBTL0207-054",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://online.securityfocus.com/advisories/4320"
          },
          {
            "name": "20020730 TSLSA-2002-0064 - util-linux",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0396.html"
          },
          {
            "name": "20020729 RAZOR advisory: Linux util-linux chfn local root vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=102795787713996\u0026w=2"
          },
          {
            "name": "RHSA-2002:137",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2002-137.html"
          },
          {
            "name": "5164",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/5164"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2002-07-29T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "setpwnam.c in the util-linux package, as included in Red Hat Linux 7.3 and earlier, and other operating systems, does not properly lock a temporary file when modifying /etc/passwd, which may allow local users to gain privileges via a complex race condition that uses an open file descriptor in utility programs such as chfn and chsh."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2003-03-21T00:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "CSSA-2002-043.0",
          "tags": [
            "vendor-advisory",
            "x_refsource_CALDERA"
          ],
          "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-043.0.txt"
        },
        {
          "name": "5344",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/5344"
        },
        {
          "name": "utillinux-chfn-race-condition(9709)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "http://www.iss.net/security_center/static/9709.php"
        },
        {
          "name": "MDKSA-2002:047",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRAKE"
          ],
          "url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-047.php"
        },
        {
          "name": "RHSA-2002:132",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2002-132.html"
        },
        {
          "name": "VU#405955",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/405955"
        },
        {
          "name": "20020729 [VulnWatch] RAZOR advisory: Linux util-linux chfn local root vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_VULNWATCH"
          ],
          "url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0357.html"
        },
        {
          "name": "CLA-2002:523",
          "tags": [
            "vendor-advisory",
            "x_refsource_CONECTIVA"
          ],
          "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000523"
        },
        {
          "name": "HPSBTL0207-054",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://online.securityfocus.com/advisories/4320"
        },
        {
          "name": "20020730 TSLSA-2002-0064 - util-linux",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0396.html"
        },
        {
          "name": "20020729 RAZOR advisory: Linux util-linux chfn local root vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=102795787713996\u0026w=2"
        },
        {
          "name": "RHSA-2002:137",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2002-137.html"
        },
        {
          "name": "5164",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/5164"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2002-0638",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "setpwnam.c in the util-linux package, as included in Red Hat Linux 7.3 and earlier, and other operating systems, does not properly lock a temporary file when modifying /etc/passwd, which may allow local users to gain privileges via a complex race condition that uses an open file descriptor in utility programs such as chfn and chsh."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "CSSA-2002-043.0",
              "refsource": "CALDERA",
              "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-043.0.txt"
            },
            {
              "name": "5344",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/5344"
            },
            {
              "name": "utillinux-chfn-race-condition(9709)",
              "refsource": "XF",
              "url": "http://www.iss.net/security_center/static/9709.php"
            },
            {
              "name": "MDKSA-2002:047",
              "refsource": "MANDRAKE",
              "url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-047.php"
            },
            {
              "name": "RHSA-2002:132",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2002-132.html"
            },
            {
              "name": "VU#405955",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/405955"
            },
            {
              "name": "20020729 [VulnWatch] RAZOR advisory: Linux util-linux chfn local root vulnerability",
              "refsource": "VULNWATCH",
              "url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0357.html"
            },
            {
              "name": "CLA-2002:523",
              "refsource": "CONECTIVA",
              "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000523"
            },
            {
              "name": "HPSBTL0207-054",
              "refsource": "HP",
              "url": "http://online.securityfocus.com/advisories/4320"
            },
            {
              "name": "20020730 TSLSA-2002-0064 - util-linux",
              "refsource": "BUGTRAQ",
              "url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0396.html"
            },
            {
              "name": "20020729 RAZOR advisory: Linux util-linux chfn local root vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=102795787713996\u0026w=2"
            },
            {
              "name": "RHSA-2002:137",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2002-137.html"
            },
            {
              "name": "5164",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/5164"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2002-0638",
    "datePublished": "2003-04-02T05:00:00",
    "dateReserved": "2002-06-27T00:00:00",
    "dateUpdated": "2024-08-08T02:56:38.516Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2001-1563 (GCVE-0-2001-1563)

Vulnerability from nvd – Published: 2005-07-14 04:00 – Updated: 2024-08-08 04:58
VLAI?
Summary
Unknown vulnerability in Tomcat 3.2.1 running on HP Secure OS for Linux 1.0 allows attackers to access servlet resources. NOTE: due to the vagueness of the vendor advisory, it is not clear whether this issue is already covered by other CVE identifiers.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T04:58:11.400Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "tomcat-unspecified-unauthorized-access(42892)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42892"
          },
          {
            "name": "HPSBTL0112-004",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/hp/2001-q4/0062.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2001-12-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unknown vulnerability in Tomcat 3.2.1 running on HP Secure OS for Linux 1.0 allows attackers to access servlet resources.  NOTE: due to the vagueness of the vendor advisory, it is not clear whether this issue is already covered by other CVE identifiers."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-10T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "tomcat-unspecified-unauthorized-access(42892)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42892"
        },
        {
          "name": "HPSBTL0112-004",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://archives.neohapsis.com/archives/hp/2001-q4/0062.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2001-1563",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unknown vulnerability in Tomcat 3.2.1 running on HP Secure OS for Linux 1.0 allows attackers to access servlet resources.  NOTE: due to the vagueness of the vendor advisory, it is not clear whether this issue is already covered by other CVE identifiers."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "tomcat-unspecified-unauthorized-access(42892)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42892"
            },
            {
              "name": "HPSBTL0112-004",
              "refsource": "HP",
              "url": "http://archives.neohapsis.com/archives/hp/2001-q4/0062.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2001-1563",
    "datePublished": "2005-07-14T04:00:00",
    "dateReserved": "2005-07-14T00:00:00",
    "dateUpdated": "2024-08-08T04:58:11.400Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2001-1506 (GCVE-0-2001-1506)

Vulnerability from nvd – Published: 2005-06-21 04:00 – Updated: 2024-08-08 04:58
VLAI?
Summary
Unknown vulnerability in the file system protection subsystem in HP Secure OS Software for Linux 1.0 allows additional user privileges on some files beyond what is specified in the file system protection rules, which allows local users to conduct unauthorized operations on restricted files.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T04:58:11.626Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "3468",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/3468"
          },
          {
            "name": "hp-secure-unauth-privileges(7342)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7342"
          },
          {
            "name": "HPSBTL0110-001",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://online.securityfocus.com/advisories/3618"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2001-10-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unknown vulnerability in the file system protection subsystem in HP Secure OS Software for Linux 1.0 allows additional user privileges on some files beyond what is specified in the file system protection rules, which allows local users to conduct unauthorized operations on restricted files."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-10T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "3468",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/3468"
        },
        {
          "name": "hp-secure-unauth-privileges(7342)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7342"
        },
        {
          "name": "HPSBTL0110-001",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://online.securityfocus.com/advisories/3618"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2001-1506",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unknown vulnerability in the file system protection subsystem in HP Secure OS Software for Linux 1.0 allows additional user privileges on some files beyond what is specified in the file system protection rules, which allows local users to conduct unauthorized operations on restricted files."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "3468",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/3468"
            },
            {
              "name": "hp-secure-unauth-privileges(7342)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7342"
            },
            {
              "name": "HPSBTL0110-001",
              "refsource": "HP",
              "url": "http://online.securityfocus.com/advisories/3618"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2001-1506",
    "datePublished": "2005-06-21T04:00:00",
    "dateReserved": "2005-06-21T00:00:00",
    "dateUpdated": "2024-08-08T04:58:11.626Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2002-0835 (GCVE-0-2002-0835)

Vulnerability from nvd – Published: 2004-09-01 04:00 – Updated: 2024-08-08 03:03
VLAI?
Summary
Preboot eXecution Environment (PXE) server allows remote attackers to cause a denial of service (crash) via certain DHCP packets from Voice-Over-IP (VOIP) phones.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T03:03:49.217Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "5596",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/5596"
          },
          {
            "name": "CSSA-2002-044.0",
            "tags": [
              "vendor-advisory",
              "x_refsource_CALDERA",
              "x_transferred"
            ],
            "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-044.0.txt"
          },
          {
            "name": "pxe-dhcp-dos(10003)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "http://www.iss.net/security_center/static/10003.php"
          },
          {
            "name": "HPSBTL0209-066",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://online.securityfocus.com/advisories/4449"
          },
          {
            "name": "RHSA-2002:162",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2002-162.html"
          },
          {
            "name": "RHSA-2002:165",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2002-165.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2002-08-30T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Preboot eXecution Environment (PXE) server allows remote attackers to cause a denial of service (crash) via certain DHCP packets from Voice-Over-IP (VOIP) phones."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2002-11-14T10:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "5596",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/5596"
        },
        {
          "name": "CSSA-2002-044.0",
          "tags": [
            "vendor-advisory",
            "x_refsource_CALDERA"
          ],
          "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-044.0.txt"
        },
        {
          "name": "pxe-dhcp-dos(10003)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "http://www.iss.net/security_center/static/10003.php"
        },
        {
          "name": "HPSBTL0209-066",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://online.securityfocus.com/advisories/4449"
        },
        {
          "name": "RHSA-2002:162",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2002-162.html"
        },
        {
          "name": "RHSA-2002:165",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2002-165.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2002-0835",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Preboot eXecution Environment (PXE) server allows remote attackers to cause a denial of service (crash) via certain DHCP packets from Voice-Over-IP (VOIP) phones."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "5596",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/5596"
            },
            {
              "name": "CSSA-2002-044.0",
              "refsource": "CALDERA",
              "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-044.0.txt"
            },
            {
              "name": "pxe-dhcp-dos(10003)",
              "refsource": "XF",
              "url": "http://www.iss.net/security_center/static/10003.php"
            },
            {
              "name": "HPSBTL0209-066",
              "refsource": "HP",
              "url": "http://online.securityfocus.com/advisories/4449"
            },
            {
              "name": "RHSA-2002:162",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2002-162.html"
            },
            {
              "name": "RHSA-2002:165",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2002-165.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2002-0835",
    "datePublished": "2004-09-01T04:00:00",
    "dateReserved": "2002-08-08T00:00:00",
    "dateUpdated": "2024-08-08T03:03:49.217Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2002-1232 (GCVE-0-2002-1232)

Vulnerability from nvd – Published: 2004-09-01 04:00 – Updated: 2024-08-08 03:19
VLAI?
Summary
Memory leak in ypdb_open in yp_db.c for ypserv before 2.5 in the NIS package 3.9 and earlier allows remote attackers to cause a denial of service (memory consumption) via a large number of requests for a map that does not exist.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://online.securityfocus.com/advisories/4605 vendor-advisoryx_refsource_HP
http://www.redhat.com/support/errata/RHSA-2003-229.html vendor-advisoryx_refsource_REDHAT
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA… vendor-advisoryx_refsource_CALDERA
http://www.debian.org/security/2002/dsa-180 vendor-advisoryx_refsource_DEBIAN
http://www.redhat.com/support/errata/RHSA-2002-224.html vendor-advisoryx_refsource_REDHAT
http://www.linux-mandrake.com/en/security/2002/MD… vendor-advisoryx_refsource_MANDRAKE
http://www.iss.net/security_center/static/10423.php vdb-entryx_refsource_XF
http://distro.conectiva.com.br/atualizacoes/?id=a… vendor-advisoryx_refsource_CONECTIVA
http://www.redhat.com/support/errata/RHSA-2002-223.html vendor-advisoryx_refsource_REDHAT
http://www.securityfocus.com/bid/6016 vdb-entryx_refsource_BID
http://marc.info/?l=bugtraq&m=103582692228894&w=2 mailing-listx_refsource_BUGTRAQ
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T03:19:28.137Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "HPSBTL0210-074",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://online.securityfocus.com/advisories/4605"
          },
          {
            "name": "RHSA-2003:229",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2003-229.html"
          },
          {
            "name": "CSSA-2002-054.0",
            "tags": [
              "vendor-advisory",
              "x_refsource_CALDERA",
              "x_transferred"
            ],
            "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-054.0.txt"
          },
          {
            "name": "DSA-180",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2002/dsa-180"
          },
          {
            "name": "RHSA-2002:224",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2002-224.html"
          },
          {
            "name": "MDKSA-2002:078",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRAKE",
              "x_transferred"
            ],
            "url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-078.php"
          },
          {
            "name": "ypserv-map-memory-leak(10423)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "http://www.iss.net/security_center/static/10423.php"
          },
          {
            "name": "CLA-2002:539",
            "tags": [
              "vendor-advisory",
              "x_refsource_CONECTIVA",
              "x_transferred"
            ],
            "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000539"
          },
          {
            "name": "RHSA-2002:223",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2002-223.html"
          },
          {
            "name": "6016",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/6016"
          },
          {
            "name": "20021028 GLSA: ypserv",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=103582692228894\u0026w=2"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2002-10-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Memory leak in ypdb_open in yp_db.c for ypserv before 2.5 in the NIS package 3.9 and earlier allows remote attackers to cause a denial of service (memory consumption) via a large number of requests for a map that does not exist."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2004-08-18T00:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "HPSBTL0210-074",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://online.securityfocus.com/advisories/4605"
        },
        {
          "name": "RHSA-2003:229",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2003-229.html"
        },
        {
          "name": "CSSA-2002-054.0",
          "tags": [
            "vendor-advisory",
            "x_refsource_CALDERA"
          ],
          "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-054.0.txt"
        },
        {
          "name": "DSA-180",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2002/dsa-180"
        },
        {
          "name": "RHSA-2002:224",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2002-224.html"
        },
        {
          "name": "MDKSA-2002:078",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRAKE"
          ],
          "url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-078.php"
        },
        {
          "name": "ypserv-map-memory-leak(10423)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "http://www.iss.net/security_center/static/10423.php"
        },
        {
          "name": "CLA-2002:539",
          "tags": [
            "vendor-advisory",
            "x_refsource_CONECTIVA"
          ],
          "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000539"
        },
        {
          "name": "RHSA-2002:223",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2002-223.html"
        },
        {
          "name": "6016",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/6016"
        },
        {
          "name": "20021028 GLSA: ypserv",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=103582692228894\u0026w=2"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2002-1232",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Memory leak in ypdb_open in yp_db.c for ypserv before 2.5 in the NIS package 3.9 and earlier allows remote attackers to cause a denial of service (memory consumption) via a large number of requests for a map that does not exist."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "HPSBTL0210-074",
              "refsource": "HP",
              "url": "http://online.securityfocus.com/advisories/4605"
            },
            {
              "name": "RHSA-2003:229",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2003-229.html"
            },
            {
              "name": "CSSA-2002-054.0",
              "refsource": "CALDERA",
              "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-054.0.txt"
            },
            {
              "name": "DSA-180",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2002/dsa-180"
            },
            {
              "name": "RHSA-2002:224",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2002-224.html"
            },
            {
              "name": "MDKSA-2002:078",
              "refsource": "MANDRAKE",
              "url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-078.php"
            },
            {
              "name": "ypserv-map-memory-leak(10423)",
              "refsource": "XF",
              "url": "http://www.iss.net/security_center/static/10423.php"
            },
            {
              "name": "CLA-2002:539",
              "refsource": "CONECTIVA",
              "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000539"
            },
            {
              "name": "RHSA-2002:223",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2002-223.html"
            },
            {
              "name": "6016",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/6016"
            },
            {
              "name": "20021028 GLSA: ypserv",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=103582692228894\u0026w=2"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2002-1232",
    "datePublished": "2004-09-01T04:00:00",
    "dateReserved": "2002-10-22T00:00:00",
    "dateUpdated": "2024-08-08T03:19:28.137Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2002-0836 (GCVE-0-2002-0836)

Vulnerability from nvd – Published: 2004-09-01 04:00 – Updated: 2024-08-08 03:03
VLAI?
Summary
dvips converter for Postscript files in the tetex package calls the system() function insecurely, which allows remote attackers to execute arbitrary commands via certain print jobs, possibly involving fonts.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://marc.info/?l=bugtraq&m=103497852330838&w=2 mailing-listx_refsource_BUGTRAQ
http://www.securityfocus.com/bid/5978 vdb-entryx_refsource_BID
http://marc.info/?l=bugtraq&m=104005975415582&w=2 mailing-listx_refsource_BUGTRAQ
http://distro.conectiva.com.br/atualizacoes/?id=a… vendor-advisoryx_refsource_CONECTIVA
http://www.kb.cert.org/vuls/id/169841 third-party-advisoryx_refsource_CERT-VN
http://www.debian.org/security/2002/dsa-207 vendor-advisoryx_refsource_DEBIAN
http://www.securityfocus.com/advisories/4567 vendor-advisoryx_refsource_HP
http://www.redhat.com/support/errata/RHSA-2002-195.html vendor-advisoryx_refsource_REDHAT
http://www.iss.net/security_center/static/10365.php vdb-entryx_refsource_XF
http://www.redhat.com/support/errata/RHSA-2002-194.html vendor-advisoryx_refsource_REDHAT
http://www.linux-mandrake.com/en/security/2002/MD… vendor-advisoryx_refsource_MANDRAKE
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T03:03:49.020Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20021018 GLSA: tetex",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=103497852330838\u0026w=2"
          },
          {
            "name": "5978",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/5978"
          },
          {
            "name": "20021216 [OpenPKG-SA-2002.015] OpenPKG Security Advisory (tetex)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=104005975415582\u0026w=2"
          },
          {
            "name": "CLA-2002:537",
            "tags": [
              "vendor-advisory",
              "x_refsource_CONECTIVA",
              "x_transferred"
            ],
            "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000537"
          },
          {
            "name": "VU#169841",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/169841"
          },
          {
            "name": "DSA-207",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2002/dsa-207"
          },
          {
            "name": "HPSBTL0210-073",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/advisories/4567"
          },
          {
            "name": "RHSA-2002:195",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2002-195.html"
          },
          {
            "name": "dvips-system-execute-commands(10365)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "http://www.iss.net/security_center/static/10365.php"
          },
          {
            "name": "RHSA-2002:194",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2002-194.html"
          },
          {
            "name": "MDKSA-2002:070",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRAKE",
              "x_transferred"
            ],
            "url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-070.php"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2002-10-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "dvips converter for Postscript files in the tetex package calls the system() function insecurely, which allows remote attackers to execute arbitrary commands via certain print jobs, possibly involving fonts."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2004-07-25T00:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20021018 GLSA: tetex",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=103497852330838\u0026w=2"
        },
        {
          "name": "5978",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/5978"
        },
        {
          "name": "20021216 [OpenPKG-SA-2002.015] OpenPKG Security Advisory (tetex)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=104005975415582\u0026w=2"
        },
        {
          "name": "CLA-2002:537",
          "tags": [
            "vendor-advisory",
            "x_refsource_CONECTIVA"
          ],
          "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000537"
        },
        {
          "name": "VU#169841",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/169841"
        },
        {
          "name": "DSA-207",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2002/dsa-207"
        },
        {
          "name": "HPSBTL0210-073",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://www.securityfocus.com/advisories/4567"
        },
        {
          "name": "RHSA-2002:195",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2002-195.html"
        },
        {
          "name": "dvips-system-execute-commands(10365)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "http://www.iss.net/security_center/static/10365.php"
        },
        {
          "name": "RHSA-2002:194",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2002-194.html"
        },
        {
          "name": "MDKSA-2002:070",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRAKE"
          ],
          "url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-070.php"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2002-0836",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "dvips converter for Postscript files in the tetex package calls the system() function insecurely, which allows remote attackers to execute arbitrary commands via certain print jobs, possibly involving fonts."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20021018 GLSA: tetex",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=103497852330838\u0026w=2"
            },
            {
              "name": "5978",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/5978"
            },
            {
              "name": "20021216 [OpenPKG-SA-2002.015] OpenPKG Security Advisory (tetex)",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=104005975415582\u0026w=2"
            },
            {
              "name": "CLA-2002:537",
              "refsource": "CONECTIVA",
              "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000537"
            },
            {
              "name": "VU#169841",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/169841"
            },
            {
              "name": "DSA-207",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2002/dsa-207"
            },
            {
              "name": "HPSBTL0210-073",
              "refsource": "HP",
              "url": "http://www.securityfocus.com/advisories/4567"
            },
            {
              "name": "RHSA-2002:195",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2002-195.html"
            },
            {
              "name": "dvips-system-execute-commands(10365)",
              "refsource": "XF",
              "url": "http://www.iss.net/security_center/static/10365.php"
            },
            {
              "name": "RHSA-2002:194",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2002-194.html"
            },
            {
              "name": "MDKSA-2002:070",
              "refsource": "MANDRAKE",
              "url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-070.php"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2002-0836",
    "datePublished": "2004-09-01T04:00:00",
    "dateReserved": "2002-08-08T00:00:00",
    "dateUpdated": "2024-08-08T03:03:49.020Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2002-0638 (GCVE-0-2002-0638)

Vulnerability from nvd – Published: 2003-04-02 05:00 – Updated: 2024-08-08 02:56
VLAI?
Summary
setpwnam.c in the util-linux package, as included in Red Hat Linux 7.3 and earlier, and other operating systems, does not properly lock a temporary file when modifying /etc/passwd, which may allow local users to gain privileges via a complex race condition that uses an open file descriptor in utility programs such as chfn and chsh.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA… vendor-advisoryx_refsource_CALDERA
http://www.securityfocus.com/bid/5344 vdb-entryx_refsource_BID
http://www.iss.net/security_center/static/9709.php vdb-entryx_refsource_XF
http://www.linux-mandrake.com/en/security/2002/MD… vendor-advisoryx_refsource_MANDRAKE
http://rhn.redhat.com/errata/RHSA-2002-132.html vendor-advisoryx_refsource_REDHAT
http://www.kb.cert.org/vuls/id/405955 third-party-advisoryx_refsource_CERT-VN
http://archives.neohapsis.com/archives/bugtraq/20… mailing-listx_refsource_VULNWATCH
http://distro.conectiva.com.br/atualizacoes/?id=a… vendor-advisoryx_refsource_CONECTIVA
http://online.securityfocus.com/advisories/4320 vendor-advisoryx_refsource_HP
http://archives.neohapsis.com/archives/bugtraq/20… mailing-listx_refsource_BUGTRAQ
http://marc.info/?l=bugtraq&m=102795787713996&w=2 mailing-listx_refsource_BUGTRAQ
http://www.redhat.com/support/errata/RHSA-2002-137.html vendor-advisoryx_refsource_REDHAT
http://www.osvdb.org/5164 vdb-entryx_refsource_OSVDB
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T02:56:38.516Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "CSSA-2002-043.0",
            "tags": [
              "vendor-advisory",
              "x_refsource_CALDERA",
              "x_transferred"
            ],
            "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-043.0.txt"
          },
          {
            "name": "5344",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/5344"
          },
          {
            "name": "utillinux-chfn-race-condition(9709)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "http://www.iss.net/security_center/static/9709.php"
          },
          {
            "name": "MDKSA-2002:047",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRAKE",
              "x_transferred"
            ],
            "url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-047.php"
          },
          {
            "name": "RHSA-2002:132",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2002-132.html"
          },
          {
            "name": "VU#405955",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/405955"
          },
          {
            "name": "20020729 [VulnWatch] RAZOR advisory: Linux util-linux chfn local root vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_VULNWATCH",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0357.html"
          },
          {
            "name": "CLA-2002:523",
            "tags": [
              "vendor-advisory",
              "x_refsource_CONECTIVA",
              "x_transferred"
            ],
            "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000523"
          },
          {
            "name": "HPSBTL0207-054",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://online.securityfocus.com/advisories/4320"
          },
          {
            "name": "20020730 TSLSA-2002-0064 - util-linux",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0396.html"
          },
          {
            "name": "20020729 RAZOR advisory: Linux util-linux chfn local root vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=102795787713996\u0026w=2"
          },
          {
            "name": "RHSA-2002:137",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2002-137.html"
          },
          {
            "name": "5164",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/5164"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2002-07-29T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "setpwnam.c in the util-linux package, as included in Red Hat Linux 7.3 and earlier, and other operating systems, does not properly lock a temporary file when modifying /etc/passwd, which may allow local users to gain privileges via a complex race condition that uses an open file descriptor in utility programs such as chfn and chsh."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2003-03-21T00:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "CSSA-2002-043.0",
          "tags": [
            "vendor-advisory",
            "x_refsource_CALDERA"
          ],
          "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-043.0.txt"
        },
        {
          "name": "5344",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/5344"
        },
        {
          "name": "utillinux-chfn-race-condition(9709)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "http://www.iss.net/security_center/static/9709.php"
        },
        {
          "name": "MDKSA-2002:047",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRAKE"
          ],
          "url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-047.php"
        },
        {
          "name": "RHSA-2002:132",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2002-132.html"
        },
        {
          "name": "VU#405955",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/405955"
        },
        {
          "name": "20020729 [VulnWatch] RAZOR advisory: Linux util-linux chfn local root vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_VULNWATCH"
          ],
          "url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0357.html"
        },
        {
          "name": "CLA-2002:523",
          "tags": [
            "vendor-advisory",
            "x_refsource_CONECTIVA"
          ],
          "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000523"
        },
        {
          "name": "HPSBTL0207-054",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://online.securityfocus.com/advisories/4320"
        },
        {
          "name": "20020730 TSLSA-2002-0064 - util-linux",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0396.html"
        },
        {
          "name": "20020729 RAZOR advisory: Linux util-linux chfn local root vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=102795787713996\u0026w=2"
        },
        {
          "name": "RHSA-2002:137",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2002-137.html"
        },
        {
          "name": "5164",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/5164"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2002-0638",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "setpwnam.c in the util-linux package, as included in Red Hat Linux 7.3 and earlier, and other operating systems, does not properly lock a temporary file when modifying /etc/passwd, which may allow local users to gain privileges via a complex race condition that uses an open file descriptor in utility programs such as chfn and chsh."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "CSSA-2002-043.0",
              "refsource": "CALDERA",
              "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-043.0.txt"
            },
            {
              "name": "5344",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/5344"
            },
            {
              "name": "utillinux-chfn-race-condition(9709)",
              "refsource": "XF",
              "url": "http://www.iss.net/security_center/static/9709.php"
            },
            {
              "name": "MDKSA-2002:047",
              "refsource": "MANDRAKE",
              "url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-047.php"
            },
            {
              "name": "RHSA-2002:132",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2002-132.html"
            },
            {
              "name": "VU#405955",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/405955"
            },
            {
              "name": "20020729 [VulnWatch] RAZOR advisory: Linux util-linux chfn local root vulnerability",
              "refsource": "VULNWATCH",
              "url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0357.html"
            },
            {
              "name": "CLA-2002:523",
              "refsource": "CONECTIVA",
              "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000523"
            },
            {
              "name": "HPSBTL0207-054",
              "refsource": "HP",
              "url": "http://online.securityfocus.com/advisories/4320"
            },
            {
              "name": "20020730 TSLSA-2002-0064 - util-linux",
              "refsource": "BUGTRAQ",
              "url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0396.html"
            },
            {
              "name": "20020729 RAZOR advisory: Linux util-linux chfn local root vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=102795787713996\u0026w=2"
            },
            {
              "name": "RHSA-2002:137",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2002-137.html"
            },
            {
              "name": "5164",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/5164"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2002-0638",
    "datePublished": "2003-04-02T05:00:00",
    "dateReserved": "2002-06-27T00:00:00",
    "dateUpdated": "2024-08-08T02:56:38.516Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

FKIE_CVE-2002-1232

Vulnerability from fkie_nvd - Published: 2002-11-04 05:00 - Updated: 2025-04-03 01:03
Severity ?
Summary
Memory leak in ypdb_open in yp_db.c for ypserv before 2.5 in the NIS package 3.9 and earlier allows remote attackers to cause a denial of service (memory consumption) via a large number of requests for a map that does not exist.
References
cve@mitre.orgftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-054.0.txt
cve@mitre.orghttp://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000539
cve@mitre.orghttp://marc.info/?l=bugtraq&m=103582692228894&w=2
cve@mitre.orghttp://online.securityfocus.com/advisories/4605
cve@mitre.orghttp://www.debian.org/security/2002/dsa-180Patch, Vendor Advisory
cve@mitre.orghttp://www.iss.net/security_center/static/10423.phpVendor Advisory
cve@mitre.orghttp://www.linux-mandrake.com/en/security/2002/MDKSA-2002-078.php
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2002-223.htmlPatch
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2002-224.html
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2003-229.html
cve@mitre.orghttp://www.securityfocus.com/bid/6016Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-054.0.txt
af854a3a-2127-422b-91ae-364da2661108http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000539
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=103582692228894&w=2
af854a3a-2127-422b-91ae-364da2661108http://online.securityfocus.com/advisories/4605
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2002/dsa-180Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.iss.net/security_center/static/10423.phpVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-078.php
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2002-223.htmlPatch
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2002-224.html
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2003-229.html
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/6016Patch, Vendor Advisory
Impacted products
Vendor Product Version
debian debian_linux 2.2
debian debian_linux 2.2
debian debian_linux 2.2
debian debian_linux 2.2
debian debian_linux 2.2
debian debian_linux 2.2
debian debian_linux 2.2
debian debian_linux 3.0
debian debian_linux 3.0
debian debian_linux 3.0
debian debian_linux 3.0
debian debian_linux 3.0
debian debian_linux 3.0
debian debian_linux 3.0
debian debian_linux 3.0
debian debian_linux 3.0
debian debian_linux 3.0
debian debian_linux 3.0
hp secure_os 1.0
redhat linux 6.2
redhat linux 6.2
redhat linux 6.2
redhat linux 6.2
redhat linux 7.0
redhat linux 7.0
redhat linux 7.0
redhat linux 7.1
redhat linux 7.1
redhat linux 7.1
redhat linux 7.2
redhat linux 7.2
redhat linux 7.3
redhat linux 7.3
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "58B90124-0543-4226-BFF4-13CCCBCCB243",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:2.2:*:68k:*:*:*:*:*",
              "matchCriteriaId": "E040A866-0D2C-40E1-B1FB-DB600B389E27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:2.2:*:alpha:*:*:*:*:*",
              "matchCriteriaId": "CE1C944A-E5F1-49DE-B069-2A358123B535",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:2.2:*:arm:*:*:*:*:*",
              "matchCriteriaId": "D71083B4-1736-4501-8DE8-BC24AC1447AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:2.2:*:ia-32:*:*:*:*:*",
              "matchCriteriaId": "E9D468DB-C4AE-4ACB-B3B7-2FAEA90D6A49",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:2.2:*:powerpc:*:*:*:*:*",
              "matchCriteriaId": "2A32E486-2598-41B3-B6DB-3CC46D239AFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:2.2:*:sparc:*:*:*:*:*",
              "matchCriteriaId": "AAEE18D8-AA3B-47A3-AA7C-AAFF7591F391",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CAE037F-111C-4A76-8FFE-716B74D65EF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:alpha:*:*:*:*:*",
              "matchCriteriaId": "A6B060E4-B5A6-4469-828E-211C52542547",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:arm:*:*:*:*:*",
              "matchCriteriaId": "974C3541-990C-4CD4-A05A-38FA74A84632",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:hppa:*:*:*:*:*",
              "matchCriteriaId": "6CBF1E0F-C7F3-4F83-9E60-6E63FA7D2775",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:ia-64:*:*:*:*:*",
              "matchCriteriaId": "C9419322-572F-4BB6-8416-C5E96541CF33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:m68k:*:*:*:*:*",
              "matchCriteriaId": "BFC50555-C084-46A3-9C9F-949C5E3BB448",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:mips:*:*:*:*:*",
              "matchCriteriaId": "9C25D6E1-D283-4CEA-B47B-60C47A5C0797",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:mipsel:*:*:*:*:*",
              "matchCriteriaId": "AD18A446-C634-417E-86AC-B19B6DDDC856",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:ppc:*:*:*:*:*",
              "matchCriteriaId": "E4BB852E-61B2-4842-989F-C6C0C901A8D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:s-390:*:*:*:*:*",
              "matchCriteriaId": "24DD9D59-E2A2-4116-A887-39E8CC2004FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:sparc:*:*:*:*:*",
              "matchCriteriaId": "F28D7457-607E-4E0C-909A-413F91CFCD82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:hp:secure_os:1.0:*:linux:*:*:*:*:*",
              "matchCriteriaId": "B345284D-6842-47C0-B823-B5DDC30CC8A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:linux:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0633B5A6-7A88-4A96-9462-4C09D124ED36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:linux:6.2:*:alpha:*:*:*:*:*",
              "matchCriteriaId": "344610A8-DB6D-4407-9304-916C419F648C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:linux:6.2:*:i386:*:*:*:*:*",
              "matchCriteriaId": "B7EC2B95-4715-4EC9-A10A-2542501F8A61",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:linux:6.2:*:sparc:*:*:*:*:*",
              "matchCriteriaId": "64775BEF-2E53-43CA-8639-A7E54F6F4222",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "29B186E5-7C2F-466E-AA4A-8F2B618F8A14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:linux:7.0:*:alpha:*:*:*:*:*",
              "matchCriteriaId": "FD6576E2-9F26-4857-9F28-F51899F1EF48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:linux:7.0:*:i386:*:*:*:*:*",
              "matchCriteriaId": "4DC9842D-E23B-4B9F-A7BF-57C3BA3DE398",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:linux:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D46E093-1C68-43BB-B281-12117EC8DE0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:linux:7.1:*:i386:*:*:*:*:*",
              "matchCriteriaId": "C8783A6D-DFD8-45DD-BF03-570B1B012B44",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:linux:7.1:*:ia64:*:*:*:*:*",
              "matchCriteriaId": "ED36543D-C21B-4B4B-A6AD-6E19B08B5DD7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:linux:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E562907F-D915-4030-847A-3C6834A80D4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:linux:7.2:*:ia64:*:*:*:*:*",
              "matchCriteriaId": "9D47D6FE-56A9-42CF-9A9B-AEE272C061F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:linux:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "138985E6-5107-4E8B-A801-C3D5FE075227",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:linux:7.3:*:i386:*:*:*:*:*",
              "matchCriteriaId": "9B502A61-44FB-4CD4-85BE-88D4ACCCA441",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Memory leak in ypdb_open in yp_db.c for ypserv before 2.5 in the NIS package 3.9 and earlier allows remote attackers to cause a denial of service (memory consumption) via a large number of requests for a map that does not exist."
    },
    {
      "lang": "es",
      "value": "Fuga de memoria en ypdb_open en yp_db.c en ypserv anteriores a 2.5 en el paquete NIS 3.9 y anteriores permite a atacantes remotos causar una denegaci\u00f3n de servicio (consumici\u00f3n de memoria) mediante un n\u00famero grande de peticiones de un mapa inexistente."
    }
  ],
  "id": "CVE-2002-1232",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2002-11-04T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-054.0.txt"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000539"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=103582692228894\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://online.securityfocus.com/advisories/4605"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.debian.org/security/2002/dsa-180"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.iss.net/security_center/static/10423.php"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-078.php"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2002-223.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2002-224.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2003-229.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/6016"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-054.0.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000539"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=103582692228894\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://online.securityfocus.com/advisories/4605"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.debian.org/security/2002/dsa-180"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.iss.net/security_center/static/10423.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-078.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2002-223.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2002-224.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2003-229.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/6016"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2002-0836

Vulnerability from fkie_nvd - Published: 2002-10-28 05:00 - Updated: 2025-04-03 01:03
Severity ?
Summary
dvips converter for Postscript files in the tetex package calls the system() function insecurely, which allows remote attackers to execute arbitrary commands via certain print jobs, possibly involving fonts.
References
cve@mitre.orghttp://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000537
cve@mitre.orghttp://marc.info/?l=bugtraq&m=103497852330838&w=2
cve@mitre.orghttp://marc.info/?l=bugtraq&m=104005975415582&w=2
cve@mitre.orghttp://www.debian.org/security/2002/dsa-207Patch, Vendor Advisory
cve@mitre.orghttp://www.iss.net/security_center/static/10365.phpVendor Advisory
cve@mitre.orghttp://www.kb.cert.org/vuls/id/169841US Government Resource
cve@mitre.orghttp://www.linux-mandrake.com/en/security/2002/MDKSA-2002-070.php
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2002-194.htmlPatch, Vendor Advisory
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2002-195.html
cve@mitre.orghttp://www.securityfocus.com/advisories/4567
cve@mitre.orghttp://www.securityfocus.com/bid/5978Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000537
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=103497852330838&w=2
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=104005975415582&w=2
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2002/dsa-207Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.iss.net/security_center/static/10365.phpVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.kb.cert.org/vuls/id/169841US Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-070.php
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2002-194.htmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2002-195.html
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/advisories/4567
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/5978Patch, Vendor Advisory
Impacted products
Vendor Product Version
hp secure_os 1.0
mandrakesoft mandrake_linux 7.2
mandrakesoft mandrake_linux 8.0
mandrakesoft mandrake_linux 8.0
mandrakesoft mandrake_linux 8.1
mandrakesoft mandrake_linux 8.1
mandrakesoft mandrake_linux 8.2
mandrakesoft mandrake_linux 8.2
mandrakesoft mandrake_linux 9.0
redhat linux 6.2
redhat linux 6.2
redhat linux 6.2
redhat linux 6.2
redhat linux 7.0
redhat linux 7.0
redhat linux 7.0
redhat linux 7.1
redhat linux 7.1
redhat linux 7.1
redhat linux 7.1
redhat linux 7.2
redhat linux 7.2
redhat linux 7.2
redhat linux 7.3
redhat linux 7.3
redhat linux 8.0
redhat linux 8.0
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:hp:secure_os:1.0:*:linux:*:*:*:*:*",
              "matchCriteriaId": "B345284D-6842-47C0-B823-B5DDC30CC8A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A8FBD5A-2FD0-43CD-AC4B-1D6984D336FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4371A667-18E1-4C54-B2E1-6F885F22F213",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:8.0:*:ppc:*:*:*:*:*",
              "matchCriteriaId": "5B28763D-8F4B-45E5-82FA-AB7E54C18EBF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "205EF72B-7334-4AE0-9CA6-D2E8E5910C8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:8.1:*:ia64:*:*:*:*:*",
              "matchCriteriaId": "613A22EC-D93C-48B0-B97C-3E0DDFBD0B62",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEB99324-3062-426F-8E2F-44DC3A7ADB2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:8.2:*:ppc:*:*:*:*:*",
              "matchCriteriaId": "128F5289-E9F3-41A7-A534-FBAA8A119A9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "33F6F859-B7B8-4072-B073-6CC8291D642E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:linux:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0633B5A6-7A88-4A96-9462-4C09D124ED36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:linux:6.2:*:alpha:*:*:*:*:*",
              "matchCriteriaId": "344610A8-DB6D-4407-9304-916C419F648C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:linux:6.2:*:i386:*:*:*:*:*",
              "matchCriteriaId": "B7EC2B95-4715-4EC9-A10A-2542501F8A61",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:linux:6.2:*:sparc:*:*:*:*:*",
              "matchCriteriaId": "64775BEF-2E53-43CA-8639-A7E54F6F4222",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "29B186E5-7C2F-466E-AA4A-8F2B618F8A14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:linux:7.0:*:alpha:*:*:*:*:*",
              "matchCriteriaId": "FD6576E2-9F26-4857-9F28-F51899F1EF48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:linux:7.0:*:i386:*:*:*:*:*",
              "matchCriteriaId": "4DC9842D-E23B-4B9F-A7BF-57C3BA3DE398",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:linux:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D46E093-1C68-43BB-B281-12117EC8DE0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:linux:7.1:*:alpha:*:*:*:*:*",
              "matchCriteriaId": "7F3FAAB3-7A8A-42E5-9DCE-E4A843CED1B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:linux:7.1:*:i386:*:*:*:*:*",
              "matchCriteriaId": "C8783A6D-DFD8-45DD-BF03-570B1B012B44",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:linux:7.1:*:ia64:*:*:*:*:*",
              "matchCriteriaId": "ED36543D-C21B-4B4B-A6AD-6E19B08B5DD7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:linux:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E562907F-D915-4030-847A-3C6834A80D4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:linux:7.2:*:i386:*:*:*:*:*",
              "matchCriteriaId": "6A1EF00A-52E9-4FD8-98FD-3998225D8655",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:linux:7.2:*:ia64:*:*:*:*:*",
              "matchCriteriaId": "9D47D6FE-56A9-42CF-9A9B-AEE272C061F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:linux:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "138985E6-5107-4E8B-A801-C3D5FE075227",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:linux:7.3:*:i386:*:*:*:*:*",
              "matchCriteriaId": "9B502A61-44FB-4CD4-85BE-88D4ACCCA441",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "038FEDE7-986F-4CA5-9003-BA68352B87D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:linux:8.0:*:i386:*:*:*:*:*",
              "matchCriteriaId": "4D1E6298-EDF5-438F-8DFD-16A514CB938A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "dvips converter for Postscript files in the tetex package calls the system() function insecurely, which allows remote attackers to execute arbitrary commands via certain print jobs, possibly involving fonts."
    },
    {
      "lang": "es",
      "value": "El conversor dvips para ficheros Postscript en el paquete tetex llama a la funci\u00f3n system() de forma insegura, lo que permite a atacantes ejecutar comandos arbitrarios mediante ciertos trabajos de impresi\u00f3n, posiblemente conteniendo fuentes."
    }
  ],
  "id": "CVE-2002-0836",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": true,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2002-10-28T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000537"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=103497852330838\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=104005975415582\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.debian.org/security/2002/dsa-207"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.iss.net/security_center/static/10365.php"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/169841"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-070.php"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2002-194.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2002-195.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/advisories/4567"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/5978"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000537"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=103497852330838\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=104005975415582\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.debian.org/security/2002/dsa-207"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.iss.net/security_center/static/10365.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/169841"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-070.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2002-194.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2002-195.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/advisories/4567"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/5978"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2002-0835

Vulnerability from fkie_nvd - Published: 2002-10-04 04:00 - Updated: 2025-04-03 01:03
Severity ?
Summary
Preboot eXecution Environment (PXE) server allows remote attackers to cause a denial of service (crash) via certain DHCP packets from Voice-Over-IP (VOIP) phones.
References
cve@mitre.orgftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-044.0.txt
cve@mitre.orghttp://online.securityfocus.com/advisories/4449
cve@mitre.orghttp://www.iss.net/security_center/static/10003.php
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2002-162.htmlPatch, Vendor Advisory
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2002-165.htmlPatch, Vendor Advisory
cve@mitre.orghttp://www.securityfocus.com/bid/5596Exploit, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-044.0.txt
af854a3a-2127-422b-91ae-364da2661108http://online.securityfocus.com/advisories/4449
af854a3a-2127-422b-91ae-364da2661108http://www.iss.net/security_center/static/10003.php
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2002-162.htmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2002-165.htmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/5596Exploit, Vendor Advisory
Impacted products
Vendor Product Version
caldera openlinux_server 3.1
caldera openlinux_server 3.1.1
caldera openlinux_workstation 3.1
caldera openlinux_workstation 3.1.1
redhat pre-execution_environment 0.1
hp secure_os 1.0
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:caldera:openlinux_server:3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A218B67-B87B-4A5E-B9EF-EF39ADEAD9FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:caldera:openlinux_server:3.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "59A82AD5-A42D-49FF-A9D4-A57C8433A5A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:caldera:openlinux_workstation:3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB41DE44-C3A1-4CC9-ACA7-4EC171D68910",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:caldera:openlinux_workstation:3.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C31B1A4A-96AD-4322-8AF3-733D66DBB50E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:pre-execution_environment:0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2522945-D94F-4F8D-8705-87D15AE3B41D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:hp:secure_os:1.0:*:linux:*:*:*:*:*",
              "matchCriteriaId": "B345284D-6842-47C0-B823-B5DDC30CC8A6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Preboot eXecution Environment (PXE) server allows remote attackers to cause a denial of service (crash) via certain DHCP packets from Voice-Over-IP (VOIP) phones."
    },
    {
      "lang": "es",
      "value": "El servidor Preboot eXecution Environment (PXE) permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda) mediante ciertos paquetes DHCP (Dinamic Host Configuraion Protocol) de tel\u00e9fonos Voz-sobre-IP (VOIP)."
    }
  ],
  "id": "CVE-2002-0835",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2002-10-04T04:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-044.0.txt"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://online.securityfocus.com/advisories/4449"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.iss.net/security_center/static/10003.php"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2002-162.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2002-165.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/5596"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-044.0.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://online.securityfocus.com/advisories/4449"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.iss.net/security_center/static/10003.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2002-162.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2002-165.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/5596"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2002-0638

Vulnerability from fkie_nvd - Published: 2002-08-12 04:00 - Updated: 2025-04-03 01:03
Severity ?
Summary
setpwnam.c in the util-linux package, as included in Red Hat Linux 7.3 and earlier, and other operating systems, does not properly lock a temporary file when modifying /etc/passwd, which may allow local users to gain privileges via a complex race condition that uses an open file descriptor in utility programs such as chfn and chsh.
References
cve@mitre.orgftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-043.0.txt
cve@mitre.orghttp://archives.neohapsis.com/archives/bugtraq/2002-07/0357.html
cve@mitre.orghttp://archives.neohapsis.com/archives/bugtraq/2002-07/0396.html
cve@mitre.orghttp://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000523
cve@mitre.orghttp://marc.info/?l=bugtraq&m=102795787713996&w=2
cve@mitre.orghttp://online.securityfocus.com/advisories/4320
cve@mitre.orghttp://rhn.redhat.com/errata/RHSA-2002-132.htmlPatch, Vendor Advisory
cve@mitre.orghttp://www.iss.net/security_center/static/9709.php
cve@mitre.orghttp://www.kb.cert.org/vuls/id/405955Patch, Third Party Advisory, US Government Resource
cve@mitre.orghttp://www.linux-mandrake.com/en/security/2002/MDKSA-2002-047.php
cve@mitre.orghttp://www.osvdb.org/5164
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2002-137.html
cve@mitre.orghttp://www.securityfocus.com/bid/5344
af854a3a-2127-422b-91ae-364da2661108ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-043.0.txt
af854a3a-2127-422b-91ae-364da2661108http://archives.neohapsis.com/archives/bugtraq/2002-07/0357.html
af854a3a-2127-422b-91ae-364da2661108http://archives.neohapsis.com/archives/bugtraq/2002-07/0396.html
af854a3a-2127-422b-91ae-364da2661108http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000523
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=102795787713996&w=2
af854a3a-2127-422b-91ae-364da2661108http://online.securityfocus.com/advisories/4320
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2002-132.htmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.iss.net/security_center/static/9709.php
af854a3a-2127-422b-91ae-364da2661108http://www.kb.cert.org/vuls/id/405955Patch, Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-047.php
af854a3a-2127-422b-91ae-364da2661108http://www.osvdb.org/5164
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2002-137.html
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/5344
Impacted products
Vendor Product Version
mandrakesoft mandrake_single_network_firewall 7.2
hp secure_os 1.0
mandrakesoft mandrake_linux 7.0
mandrakesoft mandrake_linux 7.1
mandrakesoft mandrake_linux 7.2
mandrakesoft mandrake_linux 8.0
mandrakesoft mandrake_linux 8.0
mandrakesoft mandrake_linux 8.1
mandrakesoft mandrake_linux 8.1
mandrakesoft mandrake_linux 8.2
mandrakesoft mandrake_linux_corporate_server 1.0.1
redhat linux 6.0
redhat linux 6.0
redhat linux 6.0
redhat linux 6.1
redhat linux 6.1
redhat linux 6.1
redhat linux 6.2
redhat linux 6.2
redhat linux 6.2
redhat linux 7.0
redhat linux 7.0
redhat linux 7.1
redhat linux 7.1
redhat linux 7.1
redhat linux 7.2
redhat linux 7.2
redhat linux 7.2
redhat linux 7.3
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mandrakesoft:mandrake_single_network_firewall:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A188467-3856-4599-A2CD-BD2655974B63",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:hp:secure_os:1.0:*:linux:*:*:*:*:*",
              "matchCriteriaId": "B345284D-6842-47C0-B823-B5DDC30CC8A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4853E92-5E0A-47B9-A343-D5BEE87D2C27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3EC1FF5D-5EAB-44D5-B281-770547C70D68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A8FBD5A-2FD0-43CD-AC4B-1D6984D336FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4371A667-18E1-4C54-B2E1-6F885F22F213",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:8.0:*:ppc:*:*:*:*:*",
              "matchCriteriaId": "5B28763D-8F4B-45E5-82FA-AB7E54C18EBF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "205EF72B-7334-4AE0-9CA6-D2E8E5910C8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:8.1:*:ia64:*:*:*:*:*",
              "matchCriteriaId": "613A22EC-D93C-48B0-B97C-3E0DDFBD0B62",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEB99324-3062-426F-8E2F-44DC3A7ADB2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "97E09AD9-F057-4264-88BB-A8A18C1B1246",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:linux:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DFA94D5-0139-490C-8257-0751FE9FBAE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:linux:6.0:*:alpha:*:*:*:*:*",
              "matchCriteriaId": "6931FB54-A163-4CE3-BBD9-D345AA0977A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:linux:6.0:*:sparc:*:*:*:*:*",
              "matchCriteriaId": "5ABD1331-277C-4C31-8186-978243C62255",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:linux:6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2EC4D3AB-38FA-4D44-AF5C-2DCD15994E76",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:linux:6.1:*:alpha:*:*:*:*:*",
              "matchCriteriaId": "C89454B9-4F45-4A42-A06D-ED42D893C544",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:linux:6.1:*:sparc:*:*:*:*:*",
              "matchCriteriaId": "1E64093E-7D53-4238-95C3-48ED5A0FFD97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:linux:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0633B5A6-7A88-4A96-9462-4C09D124ED36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:linux:6.2:*:alpha:*:*:*:*:*",
              "matchCriteriaId": "344610A8-DB6D-4407-9304-916C419F648C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:linux:6.2:*:sparc:*:*:*:*:*",
              "matchCriteriaId": "64775BEF-2E53-43CA-8639-A7E54F6F4222",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "29B186E5-7C2F-466E-AA4A-8F2B618F8A14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:linux:7.0:*:alpha:*:*:*:*:*",
              "matchCriteriaId": "FD6576E2-9F26-4857-9F28-F51899F1EF48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:linux:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D46E093-1C68-43BB-B281-12117EC8DE0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:linux:7.1:*:alpha:*:*:*:*:*",
              "matchCriteriaId": "7F3FAAB3-7A8A-42E5-9DCE-E4A843CED1B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:linux:7.1:*:ia64:*:*:*:*:*",
              "matchCriteriaId": "ED36543D-C21B-4B4B-A6AD-6E19B08B5DD7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:linux:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E562907F-D915-4030-847A-3C6834A80D4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:linux:7.2:*:alpha:*:*:*:*:*",
              "matchCriteriaId": "6EAAC51F-9DC5-4026-8147-1B74975D6183",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:linux:7.2:*:ia64:*:*:*:*:*",
              "matchCriteriaId": "9D47D6FE-56A9-42CF-9A9B-AEE272C061F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:linux:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "138985E6-5107-4E8B-A801-C3D5FE075227",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "setpwnam.c in the util-linux package, as included in Red Hat Linux 7.3 and earlier, and other operating systems, does not properly lock a temporary file when modifying /etc/passwd, which may allow local users to gain privileges via a complex race condition that uses an open file descriptor in utility programs such as chfn and chsh."
    },
    {
      "lang": "es",
      "value": "setpwnam.c en el paquete util-linux, como se incluye en Red Hat Linux 7.3 y antieriores, y en otros sistemas operativos, no bloquea adecuadamente un fichero temporal cuando se modifica /etc/passwd, lo que puede permitir a usuarios locales ganar privilegios mediante una compleja condici\u00f3n de carrera que usa un descriptor de fichero abierto en utilidades como chfn y chsh."
    }
  ],
  "id": "CVE-2002-0638",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 6.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 1.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2002-08-12T04:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-043.0.txt"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0357.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0396.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000523"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=102795787713996\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://online.securityfocus.com/advisories/4320"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2002-132.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.iss.net/security_center/static/9709.php"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/405955"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-047.php"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/5164"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2002-137.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/5344"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-043.0.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0357.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0396.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000523"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=102795787713996\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://online.securityfocus.com/advisories/4320"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2002-132.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.iss.net/security_center/static/9709.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/405955"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-047.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/5164"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2002-137.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/5344"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2001-1506

Vulnerability from fkie_nvd - Published: 2001-12-31 05:00 - Updated: 2025-04-03 01:03
Severity ?
Summary
Unknown vulnerability in the file system protection subsystem in HP Secure OS Software for Linux 1.0 allows additional user privileges on some files beyond what is specified in the file system protection rules, which allows local users to conduct unauthorized operations on restricted files.
References
cve@mitre.orghttp://online.securityfocus.com/advisories/3618
cve@mitre.orghttp://www.securityfocus.com/bid/3468
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/7342
af854a3a-2127-422b-91ae-364da2661108http://online.securityfocus.com/advisories/3618
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/3468
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/7342
Impacted products
Vendor Product Version
hp secure_os 1.0
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:hp:secure_os:1.0:*:linux:*:*:*:*:*",
              "matchCriteriaId": "B345284D-6842-47C0-B823-B5DDC30CC8A6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unknown vulnerability in the file system protection subsystem in HP Secure OS Software for Linux 1.0 allows additional user privileges on some files beyond what is specified in the file system protection rules, which allows local users to conduct unauthorized operations on restricted files."
    }
  ],
  "id": "CVE-2001-1506",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.6,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2001-12-31T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://online.securityfocus.com/advisories/3618"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/3468"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7342"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://online.securityfocus.com/advisories/3618"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/3468"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7342"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2001-1563

Vulnerability from fkie_nvd - Published: 2001-12-31 05:00 - Updated: 2025-04-03 01:03
Severity ?
Summary
Unknown vulnerability in Tomcat 3.2.1 running on HP Secure OS for Linux 1.0 allows attackers to access servlet resources. NOTE: due to the vagueness of the vendor advisory, it is not clear whether this issue is already covered by other CVE identifiers.
References
cve@mitre.orghttp://archives.neohapsis.com/archives/hp/2001-q4/0062.htmlPatch
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/42892
af854a3a-2127-422b-91ae-364da2661108http://archives.neohapsis.com/archives/hp/2001-q4/0062.htmlPatch
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/42892
Impacted products
Vendor Product Version
apache tomcat 3.2.1
hp secure_os 1.0
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apache:tomcat:3.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7079F63C-7CA8-4909-A9C8-45C4C1C1C186",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:hp:secure_os:1.0:*:linux:*:*:*:*:*",
              "matchCriteriaId": "B345284D-6842-47C0-B823-B5DDC30CC8A6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unknown vulnerability in Tomcat 3.2.1 running on HP Secure OS for Linux 1.0 allows attackers to access servlet resources.  NOTE: due to the vagueness of the vendor advisory, it is not clear whether this issue is already covered by other CVE identifiers."
    }
  ],
  "id": "CVE-2001-1563",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2001-12-31T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://archives.neohapsis.com/archives/hp/2001-q4/0062.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42892"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://archives.neohapsis.com/archives/hp/2001-q4/0062.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42892"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}