Vulnerability Name:

CVE-2002-0638 (CCN-9709)

Assigned:2002-07-29
Published:2002-07-29
Updated:2016-10-18
Summary:setpwnam.c in the util-linux package, as included in Red Hat Linux 7.3 and earlier, and other operating systems, does not properly lock a temporary file when modifying /etc/passwd, which may allow local users to gain privileges via a complex race condition that uses an open file descriptor in utility programs such as chfn and chsh.
CVSS v3 Severity:8.1 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:6.2 Medium (CVSS v2 Vector: AV:L/AC:H/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
6.2 Medium (CCN CVSS v2 Vector: AV:L/AC:H/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): High
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Privileges
References:Source: CALDERA
Type: UNKNOWN
CSSA-2002-043.0

Source: CCN
Type: SCO Security Advisory CSSA-2002-043.0
Linux: chfn (util-linux) temp file race vulnerability

Source: VULNWATCH
Type: UNKNOWN
20020729 [VulnWatch] RAZOR advisory: Linux util-linux chfn local root vulnerability

Source: BUGTRAQ
Type: UNKNOWN
20020730 TSLSA-2002-0064 - util-linux

Source: MITRE
Type: CNA
CVE-2002-0638

Source: CONECTIVA
Type: UNKNOWN
CLA-2002:523

Source: CCN
Type: Conectiva Linux Announcement CLSA-2002:523
Local root vulnerability in chfn

Source: BUGTRAQ
Type: UNKNOWN
20020729 RAZOR advisory: Linux util-linux chfn local root vulnerability

Source: HP
Type: UNKNOWN
HPSBTL0207-054

Source: CCN
Type: RAZOR Advisory July 29, 2002
Linux util-linux chfn local root vulnerability

Source: CCN
Type: RHSA-2002-132
Updated util-linux package fixes password locking race

Source: REDHAT
Type: Patch, Vendor Advisory
RHSA-2002:132

Source: CCN
Type: RHSA-2002-137
util-linux security update

Source: CCN
Type: CIAC Information Bulletin M-104
Red Hat Linux Password Locking Race Vulnerability

Source: XF
Type: UNKNOWN
utillinux-chfn-race-condition(9709)

Source: CCN
Type: US-CERT VU#405955
util-linux package vulnerable to privilege escalation when ptmptmp file is not removed properly when using chfn utility

Source: CERT-VN
Type: Patch, Third Party Advisory, US Government Resource
VU#405955

Source: MANDRAKE
Type: UNKNOWN
MDKSA-2002:047

Source: OSVDB
Type: UNKNOWN
5164

Source: CCN
Type: OSVDB ID: 5164
util-linux setpwnam.c Open File Descriptor Race

Source: REDHAT
Type: UNKNOWN
RHSA-2002:137

Source: BID
Type: UNKNOWN
5344

Source: CCN
Type: BID-5344
Util-linux File Locking Race Condition Vulnerability

Source: XF
Type: UNKNOWN
utillinux-chfn-race-condition(9709)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:mandrakesoft:mandrake_single_network_firewall:7.2:*:*:*:*:*:*:*

    • Configuration 2:
  • cpe:/o:hp:secure_os:1.0:*:linux:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:7.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:7.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:7.2:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:8.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:8.0:*:ppc:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:8.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:8.1:*:ia64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:8.2:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:1.0.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:6.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:6.0:*:alpha:*:*:*:*:*
  • OR cpe:/o:redhat:linux:6.0:*:sparc:*:*:*:*:*
  • OR cpe:/o:redhat:linux:6.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:6.1:*:alpha:*:*:*:*:*
  • OR cpe:/o:redhat:linux:6.1:*:sparc:*:*:*:*:*
  • OR cpe:/o:redhat:linux:6.2:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:6.2:*:alpha:*:*:*:*:*
  • OR cpe:/o:redhat:linux:6.2:*:sparc:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.0:*:alpha:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.1:*:alpha:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.1:*:ia64:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.2:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.2:*:alpha:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.2:*:ia64:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.3:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:kernel:util-linux:*:*:*:*:*:*:*:*
  • AND
  • cpe:/o:redhat:linux:6.2:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:7.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:7.2:*:*:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:6.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:1.0.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:8.0:*:*:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:7.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:8.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.2:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:8.2:*:*:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:8.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.3:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.1:*:*:*:*:*:pseries:*
  • OR cpe:/o:redhat:linux:7.1:*:*:*:*:*:iseries:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:8.0:*:ppc:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:8.1:*:ia64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:8.2:*:ppc:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    mandrakesoft mandrake single network firewall 7.2
    hp secure os 1.0
    mandrakesoft mandrake linux 7.0
    mandrakesoft mandrake linux 7.1
    mandrakesoft mandrake linux 7.2
    mandrakesoft mandrake linux 8.0
    mandrakesoft mandrake linux 8.0
    mandrakesoft mandrake linux 8.1
    mandrakesoft mandrake linux 8.1
    mandrakesoft mandrake linux 8.2
    mandrakesoft mandrake linux corporate server 1.0.1
    redhat linux 6.0
    redhat linux 6.0
    redhat linux 6.0
    redhat linux 6.1
    redhat linux 6.1
    redhat linux 6.1
    redhat linux 6.2
    redhat linux 6.2
    redhat linux 6.2
    redhat linux 7.0
    redhat linux 7.0
    redhat linux 7.1
    redhat linux 7.1
    redhat linux 7.1
    redhat linux 7.2
    redhat linux 7.2
    redhat linux 7.2
    redhat linux 7.3
    kernel util-linux *
    redhat linux 6.2
    mandrakesoft mandrake linux 7.1
    redhat linux 7
    mandrakesoft mandrake linux 7.2
    conectiva linux 6.0
    mandrakesoft mandrake linux corporate server 1.0.1
    redhat linux 7.1
    mandrakesoft mandrake linux 8.0
    conectiva linux 7.0
    mandrakesoft mandrake linux 8.1
    redhat linux 7.2
    mandrakesoft mandrake linux 8.2
    conectiva linux 8.0
    redhat linux 7.3
    redhat enterprise linux 2.1
    redhat linux 7.1
    redhat linux 7.1
    mandrakesoft mandrake linux 8.0
    mandrakesoft mandrake linux 8.1
    mandrakesoft mandrake linux 8.2