CVE-2002-1914

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions dump versions 0.4 b10 through 0.4 b29

Description The issue allows local users to cause a denial of service, preventing execution, by using the flock() function to lock the /etc/dumpdates file. This can lead to a disruption in the availability of protected information. The exploitation of this issue can be carried out locally.

Recommendations For dump versions 0.4 b10 through 0.4 b29, consider restricting access to the /etc/dumpdates file to prevent the flock() function from locking it, until a patch is available. As a temporary workaround, avoid using the flock() function to lock the /etc/dumpdates file.

Fix

Improper Locking

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-667

Related Identifiers

BDU:2015-06667

BDU:2015-06671

CVE-2002-1914

Affected Products

Dump

CVE-2002-1914

Weakness Enumeration

Related Identifiers

Affected Products

References · 14