Vulnerabilities > CVE-2002-0638
Attack vector
LOCAL Attack complexity
HIGH Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
setpwnam.c in the util-linux package, as included in Red Hat Linux 7.3 and earlier, and other operating systems, does not properly lock a temporary file when modifying /etc/passwd, which may allow local users to gain privileges via a complex race condition that uses an open file descriptor in utility programs such as chfn and chsh.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 | |
| OS | 1 | |
| OS | 9 | |
| OS | 18 |
Nessus
NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2002-047.NASL description Michal Zalewski found a vulnerability in the util-linux package with the chfn utility. This utility allows users to modify some information in the /etc/passwd file, and is installed setuid root. Using a carefully crafted attack sequence, an attacker can exploit a complex file locking and modification race that would allow them to make changes to the /etc/passwd file. To successfully exploit this vulnerability and obtain privilege escalation, there is a need for some administrator interaction, and the password file must over over 4kb in size; the attacker last seen 2020-06-01 modified 2020-06-02 plugin id 13950 published 2004-07-31 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/13950 title Mandrake Linux Security Advisory : util-linux (MDKSA-2002:047) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2002-137.NASL description The util-linux package shipped with Red Hat Linux Advanced Server contains a locally exploitable vulnerability. The util-linux package contains a large variety of low-level system utilities that are necessary for a Linux system to function. The last seen 2020-06-01 modified 2020-06-02 plugin id 12311 published 2004-07-06 reporter This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/12311 title RHEL 2.1 : util-linux (RHSA-2002:137)
Redhat
| advisories |
|
References
- ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-043.0.txt
- http://archives.neohapsis.com/archives/bugtraq/2002-07/0357.html
- http://archives.neohapsis.com/archives/bugtraq/2002-07/0396.html
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000523
- http://marc.info/?l=bugtraq&m=102795787713996&w=2
- http://online.securityfocus.com/advisories/4320
- http://rhn.redhat.com/errata/RHSA-2002-132.html
- http://www.iss.net/security_center/static/9709.php
- http://www.kb.cert.org/vuls/id/405955
- http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-047.php
- http://www.osvdb.org/5164
- http://www.redhat.com/support/errata/RHSA-2002-137.html
- http://www.securityfocus.com/bid/5344