CVSS: 4.6EPSS: 0%CPEs: 5EXPL: 2CVE-2003-0124 – Man Program 1.5 - Unsafe Return Value Command Execution
https://notcve.org/view.php?id=CVE-2003-0124
man before 1.5l allows attackers to execute arbitrary code via a malformed man file with improper quotes, which causes the my_xsprintf function to return a string with the value "unsafe," which is then executed as a program via a system call if it is in the search path of the user who runs man. man anterior a 1.51 permite a atacantes ejecutar código de su elección mediante un fichero man con comillas mal colocadas, lo que causa que la función my_xsprintf devuelva una cadena con el valor "unsafe", que es entonces ejecutado como un programa mediante una llamada al sistema si se encuentra en la ruta de búsqueda del usuario que ejecuta man. • https://www.exploit-db.com/exploits/22344 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000620 http://marc.info/?l=bugtraq&m=104740927915154&w=2 http://marc.info/?l=bugtraq&m=104802285112752&w=2 http://www.redhat.com/support/errata/RHSA-2003-133.html http://www.redhat.com/support/errata/RHSA-2003-134.html http://www.securityfocus.com/bid/7066 https://exchange.xforce.ibmcloud.com/vulnerabilities/11512 https://access.redhat.com/security/cve/CVE-2003-0124 ht •
CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0CVE-2003-0094
https://notcve.org/view.php?id=CVE-2003-0094
A patch for mcookie in the util-linux package for Mandrake Linux 8.2 and 9.0 uses /dev/urandom instead of /dev/random, which causes mcookie to use an entropy source that is more predictable than expected, which may make it easier for certain types of attacks to succeed. • http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:016 http://www.securityfocus.com/bid/6855 https://exchange.xforce.ibmcloud.com/vulnerabilities/11318 •
CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 0CVE-2001-1175
https://notcve.org/view.php?id=CVE-2001-1175
vipw in the util-linux package before 2.10 causes /etc/shadow to be world-readable in some cases, which would make it easier for local users to perform brute force password guessing. vipw en el paquete util-linux anteriores a 2.10 permite que /etc/shawow sea legible por todos los usuarios en algunos casos, lo que haría facil a usuarios locales realizar ataques de fuerza bruta para adivinar contraseñas. • http://www.redhat.com/support/errata/RHSA-2001-095.html http://www.redhat.com/support/errata/RHSA-2001-132.html http://www.securityfocus.com/bid/3036 https://exchange.xforce.ibmcloud.com/vulnerabilities/6851 https://access.redhat.com/security/cve/CVE-2001-1175 https://bugzilla.redhat.com/show_bug.cgi?id=1616650 •
CVSS: 7.2EPSS: 0%CPEs: 5EXPL: 0CVE-2001-1147
https://notcve.org/view.php?id=CVE-2001-1147
The PAM implementation in /bin/login of the util-linux package before 2.11 causes a password entry to be rewritten across multiple PAM calls, which could provide the credentials of one user to a different user, when used in certain PAM modules such as pam_limits. • http://www.ciac.org/ciac/bulletins/m-009.shtml http://www.iss.net/security_center/static/7266.php http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-084.php3 http://www.novell.com/linux/security/advisories/2001_034_shadow_txt.html http://www.redhat.com/support/errata/RHSA-2001-132.html http://www.securityfocus.com/archive/1/219175 http://www.securityfocus.com/bid/3415 https://access.redhat.com/security/cve/CVE-2001-1147 https://bugzilla.redhat.com/show_bug& •