
CVSS: 7.2 | EPSS: 0% | CPEs: 40 | EXPL: 0

expect before 5.32 searches for its libraries in /var/tmp before other directories, which could allow local users to gain root privileges via a Trojan horse library that is accessed by mkpasswd.

• http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000409
• http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:060
• http://www.redhat.com/support/errata/RHSA-2002-148.html
• http://www.securityfocus.com/bid/3074
• https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=22187
• https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=28224
• https://exchange.xforce.ibmcloud.com/vulnerabilities/6870

CVSS: 7.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

mkpasswd in expect 5.2.8, as used by Red Hat Linux 6.2 through 7.0, seeds its random number generator with its process ID, which limits the space of possible seeds and makes it easier for attackers to conduct brute force password attacks.

• http://archives.neohapsis.com/archives/bugtraq/2001-04/0173.html
• http://archives.neohapsis.com/archives/bugtraq/2001-04/0192.html
• http://securitytracker.com/id?1001303
• http://www.kb.cert.org/vuls/id/527736
• http://www.securityfocus.com/bid/2632
• https://exchange.xforce.ibmcloud.com/vulnerabilities/6382