PT-2001-1023 · Red Hat+1

Published: 2001-10-11 · Updated: 2016-10-18 · CVE-2002-0638

CVSS v2.0: 7.2 (High)

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: util-linux versions prior to 2.11f; Red Hat Linux versions 7.3 and earlier

Description: The issue is related to the setpwnam.c file in the util-linux package, which does not properly lock a temporary file when modifying /etc/passwd. This may allow local users to gain privileges via a complex race condition that uses an open file descriptor in utility programs such as chfn and chsh. The vulnerability can lead to a violation of confidentiality, integrity, and availability of protected information. Exploitation of the vulnerability can be carried out locally.

Recommendations: For util-linux versions prior to 2.11f, consider updating to a version that properly locks temporary files when modifying /etc/passwd. For Red Hat Linux versions 7.3 and earlier, update to a newer version that includes the fixed util-linux package. As a temporary workaround, consider restricting access to utility programs such as chfn and chsh until a patch is available.
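What "properly locks a temporary file" means in practice, as an added example: this is a general lock-and-rename pattern, not util-linux code and not the 2.11f fix. The function name `replace_locked` and the file names are hypothetical, and the passwd row is constructed.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Replace `target` with `data`; `tmp` (same directory) is lock and staging
 * file in one. Returns 0, or -1 with errno set. Names are hypothetical. */
int replace_locked(const char *target, const char *tmp,
                   const char *data, size_t len)
{
    int saved;
    size_t off = 0;
    /* O_CREAT|O_EXCL makes creation the lock: one process succeeds, and an
     * existing name (a symlink included) fails with EEXIST. */
    int fd = open(tmp, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0)
        return -1;          /* never unlink a lock we did not create */
    while (off < len) {
        ssize_t n = write(fd, data + off, len - off);
        if (n < 0 && errno == EINTR)
            continue;
        if (n < 0)
            goto fail;
        off += (size_t)n;
    }
    /* Set the final mode on the descriptor we created, never by path. */
    if (fchmod(fd, 0644) < 0 || fsync(fd) < 0)
        goto fail;
    close(fd);
    fd = -1;
    /* rename() is atomic: readers see the old file or the complete new one. */
    if (rename(tmp, target) == 0)
        return 0;
fail:
    saved = errno;
    if (fd >= 0)
        close(fd);
    unlink(tmp);            /* release our own lock on every failure path */
    errno = saved;
    return -1;
}

int main(void)
{
    const char *row = "demo:x:1000:1000:Demo:/home/demo:/bin/sh\n"; /* constructed */
    return replace_locked("passwd.demo", "ptmp.demo", row, strlen(row)) ? 1 : 0;
}
```

A second writer that finds the temporary name already present gets `EEXIST` and has to back off; it must not reuse or remove the existing file.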

Related identifiers

BDU:2015-07834
BDU:2015-07835
BDU:2015-07970
CVE-2002-0638

Affected products

Red Hat
Util-Linux