Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2002-0638

EPSS 0.08% · P24
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2002-0638

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
setpwnam.c in the util-linux package, as included in Red Hat Linux 7.3 and earlier, and other operating systems, does not properly lock a temporary file when modifying /etc/passwd, which may allow local users to gain privileges via a complex race condition that uses an open file descriptor in utility programs such as chfn and chsh.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Util-linux文件锁住本地竞争条件漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
util-linux是一套包含多种系统工具如'chfn'和'chsh'的软件包,包含在多种Linux系统中。 util-linux工具在代码共享处理中存在竞争条件问题,本地攻击者可以利用这个漏洞进行权限提升。 util-linux工具包含多个工具用于执行Linux系统功能,如'chfn'工具允许用户修改存储在/etc/passwd文件中的个人信息,要修改此文件,应用程序需要以setuid root权限安装。 在部分条件下,利用util-linux工具中login-utils/setpwnam.c代码中复杂
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2002-0638

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2002-0638

登录查看更多情报信息。

Same Patch Batch · n/a · 2003-04-02 · 350 CVEs total

CVE-2002-0719Microsoft Content Management Server 2001 SQL注入漏洞(MS02-041)
CVE-2002-0741PsyBNC超长密码导致拒绝服务漏洞
CVE-2002-0738MHonArc HTML脚本过滤可绕过漏洞
CVE-2002-0737Sambar WEB服务程序服务端文件解析可绕过漏洞
CVE-2002-0736Microsoft BackOffice授权问题漏洞
CVE-2002-0734B2 B2config.php远程命令执行漏洞
CVE-2002-0733ACME Labs thttpd跨站脚本执行漏洞
CVE-2002-0727Microsoft OWC可导致Active脚本执行漏洞
CVE-2002-0726Microsoft TSAC ActiveX远程缓冲区溢出漏洞(MS02-046)
CVE-2002-0722Microsoft Internet Explorer 安全漏洞
CVE-2002-0720Microsoft Windows 2000网络连接管理器权限提升漏洞(MS02-042)
CVE-2002-0704Linux NetFilter NAT信息泄露漏洞
CVE-2002-0697Microsoft Metadirectory服务远程LDAP客户端管理员访问漏洞(MS02-036)
CVE-2002-0698Microsoft Exchange Server 缓冲区错误漏洞
CVE-2002-0700Microsoft Content Management Server 2001用户认证缓冲区溢出漏洞(MS02-041)
CVE-2002-0701多个供应商进BSD KTrace SUID/SGID进程追踪漏洞
CVE-2002-0703Gisle Aas Digest-MD5 UTF-8摘要计算存在漏洞
CVE-2002-0714Squid FTP代理数据通道漏洞
CVE-2002-0718Microsoft Content Management Server 2001文件上传漏洞(MS02-041)
CVE-2002-0716OpenServer定时服务格式字符串漏洞

Showing top 20 of 350 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a
Same vendor: n/a

V. Comments for CVE-2002-0638

No comments yet

Leave a comment