Vulnerabilities > Mandrakesoft > Mandrake Linux > 8.2

DATE CVE VULNERABILITY TITLE RISK
2004-12-31 CVE-2004-2396 passwd 0.68 does not check the return code for the pam_start function, which has unknown impact and attack vectors that may prevent "safe and proper operation" of PAM.
local
low complexity
mandrakesoft
7.2
2004-12-31 CVE-2004-2395 Unspecified vulnerability in Mandrakesoft products
Memory leak in passwd 0.68 allows local users to cause a denial of service (memory consumption) via a large number of failed read attempts from the password buffer.
local
low complexity
mandrakesoft
2.1
2004-12-31 CVE-2004-2394 Unspecified vulnerability in Mandrakesoft products
Off-by-one error in passwd 0.68 and earlier, when using the --stdin option, causes passwd to use the first 78 characters of a password instead of the first 79, which results in a small reduction of the search space required for brute force attacks.
local
low complexity
mandrakesoft
2.1
2003-08-27 CVE-2003-0462 A race condition in the way env_start and env_end pointers are initialized in the execve system call and used in fs/proc/base.c on Linux 2.4 allows local users to cause a denial of service (crash).
local
high complexity
mandrakesoft linux
1.2
2002-12-31 CVE-2002-2185 Denial Of Service vulnerability in Multiple Vendor Spoofed IGMP Report
The Internet Group Management Protocol (IGMP) allows local users to cause a denial of service via an IGMP membership report to a target's Ethernet address instead of the Multicast group address, which causes the target to stop sending reports to the router and effectively disconnect the group from the network.
local
low complexity
sgi debian mandrakesoft microsoft redhat suse
4.9
2002-12-31 CVE-2002-1713 Incorrect Default Permissions vulnerability in Mandrakesoft Mandrake Linux 8.2
The Standard security setting for Mandrake-Security package (msec) in Mandrake 8.2 installs home directories with world-readable permissions, which could allow local users to read other user's files.
local
low complexity
mandrakesoft CWE-276
5.5
2002-10-28 CVE-2002-0836 dvips converter for Postscript files in the tetex package calls the system() function insecurely, which allows remote attackers to execute arbitrary commands via certain print jobs, possibly involving fonts.
network
low complexity
hp mandrakesoft redhat
7.5
2002-08-12 CVE-2002-0638 setpwnam.c in the util-linux package, as included in Red Hat Linux 7.3 and earlier, and other operating systems, does not properly lock a temporary file when modifying /etc/passwd, which may allow local users to gain privileges via a complex race condition that uses an open file descriptor in utility programs such as chfn and chsh.
local
high complexity
mandrakesoft hp redhat
6.2