Page 5 of 28 results (0.013 seconds)

CVSS: 6.2EPSS: 0%CPEs: 29EXPL: 0

setpwnam.c in the util-linux package, as included in Red Hat Linux 7.3 and earlier, and other operating systems, does not properly lock a temporary file when modifying /etc/passwd, which may allow local users to gain privileges via a complex race condition that uses an open file descriptor in utility programs such as chfn and chsh. setpwnam.c en el paquete util-linux, como se incluye en Red Hat Linux 7.3 y antieriores, y en otros sistemas operativos, no bloquea adecuadamente un fichero temporal cuando se modifica /etc/passwd, lo que puede permitir a usuarios locales ganar privilegios mediante una compleja condición de carrera que usa un descriptor de fichero abierto en utilidades como chfn y chsh. • ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-043.0.txt http://archives.neohapsis.com/archives/bugtraq/2002-07/0357.html http://archives.neohapsis.com/archives/bugtraq/2002-07/0396.html http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000523 http://marc.info/?l=bugtraq&m=102795787713996&w=2 http://online.securityfocus.com/advisories/4320 http://rhn.redhat.com/errata/RHSA-2002-132.html http://www.iss.net/security_center/static/9709.php http://www.kb&# •

CVSS: 10.0EPSS: 1%CPEs: 38EXPL: 1

Off-by-one error in the channel code of OpenSSH 2.0 through 3.0.2 allows local users or remote malicious servers to gain privileges. Error 'off-by-one' en el código de canal de OpenSSH 2.0 a 3.0.2 permite a usuarios locales o a servidores remotos ganar privilegios. • https://www.exploit-db.com/exploits/21314 ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:13.openssh.asc ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-004.txt.asc ftp://stage.caldera.com/pub/security/openserver/CSSA-2002-SCO.10/CSSA-2002-SCO.10.txt ftp://stage.caldera.com/pub/security/openunix/CSSA-2002-SCO.11/CSSA-2002-SCO.11.txt http://archives.neohapsis.com/archives/bugtraq/2002-03/0108.html http://archives.neohapsis.com/archives/vulnw • CWE-193: Off-by-one Error •

CVSS: 7.2EPSS: 0%CPEs: 46EXPL: 2

Heap corruption vulnerability in the "at" program allows local users to execute arbitrary code via a malformed execution time, which causes at to free the same memory twice. Corrupción de memoria en el comando "at" permite que usuarios locales ejecuten código arbitrario haciendo uso de un tiempo de ejecución mal escrito (lo que provoca que at libere la misma memoria dos veces). • https://www.exploit-db.com/exploits/21229 http://marc.info/?l=bugtraq&m=101128661602088&w=2 http://marc.info/?l=bugtraq&m=101147632721031&w=2 http://online.securityfocus.com/advisories/3833 http://online.securityfocus.com/advisories/3969 http://www.debian.org/security/2002/dsa-102 http://www.novell.com/linux/security/advisories/2002_003_at_txt.html http://www.redhat.com/support/errata/RHSA-2002-015.html http://www.securityfocus.com/bid/3886 https://exchange.xforce. •

CVSS: 7.5EPSS: 0%CPEs: 16EXPL: 0

The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 through 8.0 and Linux Corporate Server 1.0.1 allows remote attackers to list the directory index of arbitrary web directories. • http://www.kb.cert.org/vuls/id/913704 http://www.mandriva.com/security/advisories?name=MDKSA-2001:077-2 https://exchange.xforce.ibmcloud.com/vulnerabilities/8029 •

CVSS: 2.1EPSS: 0%CPEs: 12EXPL: 1

Vulnerability in (1) pine before 4.33 and (2) the pico editor, included with pine, allows local users local users to overwrite arbitrary files via a symlink attack. • https://www.exploit-db.com/exploits/20493 http://marc.info/?l=bugtraq&m=98749102621604&w=2 http://marc.info/?l=bugtraq&m=99106787825229&w=2 http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-047.php3?dis=8.0 http://www.redhat.com/support/errata/RHSA-2001-042.html https://exchange.xforce.ibmcloud.com/vulnerabilities/6367 •