Unrated severityNVD Advisory· Published Aug 12, 2002· Updated Apr 16, 2026

CVE-2002-0638

Description

setpwnam.c in the util-linux package, as included in Red Hat Linux 7.3 and earlier, and other operating systems, does not properly lock a temporary file when modifying /etc/passwd, which may allow local users to gain privileges via a complex race condition that uses an open file descriptor in utility programs such as chfn and chsh.

Affected products

Mandrakesoft/Mandrake Single Network Firewall
cpe:2.3:a:mandrakesoft:mandrake_single_network_firewall:7.2:*:*:*:*:*:*:*
HP/Secure Os
cpe:2.3:o:hp:secure_os:1.0:*:linux:*:*:*:*:*
Mandrakesoft/Mandrake Linux8 versions
cpe:2.3:o:mandrakesoft:mandrake_linux:7.0:*:*:*:*:*:*:*+ 7 more
- cpe:2.3:o:mandrakesoft:mandrake_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:mandrakesoft:mandrake_linux:7.1:*:*:*:*:*:*:*
- cpe:2.3:o:mandrakesoft:mandrake_linux:7.2:*:*:*:*:*:*:*
- cpe:2.3:o:mandrakesoft:mandrake_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:mandrakesoft:mandrake_linux:8.0:*:ppc:*:*:*:*:*
- cpe:2.3:o:mandrakesoft:mandrake_linux:8.1:*:*:*:*:*:*:*
- cpe:2.3:o:mandrakesoft:mandrake_linux:8.1:*:ia64:*:*:*:*:*
- cpe:2.3:o:mandrakesoft:mandrake_linux:8.2:*:*:*:*:*:*:*
Mandrakesoft/Mandrake Linux Corporate Server
cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:1.0.1:*:*:*:*:*:*:*
Red Hat/Linux18 versions
cpe:2.3:o:redhat:linux:6.0:*:*:*:*:*:*:*+ 17 more
- cpe:2.3:o:redhat:linux:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:linux:6.0:*:alpha:*:*:*:*:*
- cpe:2.3:o:redhat:linux:6.0:*:sparc:*:*:*:*:*
- cpe:2.3:o:redhat:linux:6.1:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:linux:6.1:*:alpha:*:*:*:*:*
- cpe:2.3:o:redhat:linux:6.1:*:sparc:*:*:*:*:*
- cpe:2.3:o:redhat:linux:6.2:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:linux:6.2:*:alpha:*:*:*:*:*
- cpe:2.3:o:redhat:linux:6.2:*:sparc:*:*:*:*:*
- cpe:2.3:o:redhat:linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:linux:7.0:*:alpha:*:*:*:*:*
- cpe:2.3:o:redhat:linux:7.1:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:linux:7.1:*:alpha:*:*:*:*:*
- cpe:2.3:o:redhat:linux:7.1:*:ia64:*:*:*:*:*
- cpe:2.3:o:redhat:linux:7.2:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:linux:7.2:*:alpha:*:*:*:*:*
- cpe:2.3:o:redhat:linux:7.2:*:ia64:*:*:*:*:*
- cpe:2.3:o:redhat:linux:7.3:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

rhn.redhat.com/errata/RHSA-2002-132.htmlnvdPatchVendor Advisory
www.kb.cert.org/vuls/id/405955nvdPatchThird Party AdvisoryUS Government Resource
ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-043.0.txtnvd
archives.neohapsis.com/archives/bugtraq/2002-07/0357.htmlnvd
archives.neohapsis.com/archives/bugtraq/2002-07/0396.htmlnvd
distro.conectiva.com.br/atualizacoes/nvd
marc.infonvd
online.securityfocus.com/advisories/4320nvd
www.iss.net/security_center/static/9709.phpnvd
www.linux-mandrake.com/en/security/2002/MDKSA-2002-047.phpnvd
www.osvdb.org/5164nvd
www.redhat.com/support/errata/RHSA-2002-137.htmlnvd
www.securityfocus.com/bid/5344nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000