ByteOS Network

Vulnerability Details :

CVE-2004-2394

Assigner-mitre

Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca

Published At-17 Aug, 2005 | 04:00

Updated At-08 Aug, 2024 | 01:22

Off-by-one error in passwd 0.68 and earlier, when using the --stdin option, causes passwd to use the first 78 characters of a password instead of the first 79, which results in a small reduction of the search space required for brute force attacks.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:mitre

Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca

Published At:17 Aug, 2005 | 04:00

Updated At:08 Aug, 2024 | 01:22

▼CVE Numbering Authority (CNA)

Affected Products

Vendor

n/a

Product

n/a

Versions

Affected

Problem Types

Type	CWE ID	Description
text	N/A	n/a

Type: text

CWE ID: N/A

Description: n/a

References

Hyperlink	Resource
http://www.securityfocus.com/bid/10370	vdb-entry x_refsource_BID
http://www.mandriva.com/security/advisories?name=MDKSA-2004:045	vendor-advisory x_refsource_MANDRAKE
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=120060	x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/16178	vdb-entry x_refsource_XF

Hyperlink: http://www.securityfocus.com/bid/10370

Resource:

vdb-entry

x_refsource_BID

Hyperlink: http://www.mandriva.com/security/advisories?name=MDKSA-2004:045

Resource:

vendor-advisory

x_refsource_MANDRAKE

Hyperlink: http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=120060

Resource:

x_refsource_CONFIRM

Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/16178

Resource:

vdb-entry

x_refsource_XF

▼Authorized Data Publishers (ADP)

CVE Program Container

References

Hyperlink	Resource
http://www.securityfocus.com/bid/10370	vdb-entry x_refsource_BID x_transferred
http://www.mandriva.com/security/advisories?name=MDKSA-2004:045	vendor-advisory x_refsource_MANDRAKE x_transferred
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=120060	x_refsource_CONFIRM x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/16178	vdb-entry x_refsource_XF x_transferred

Hyperlink: http://www.securityfocus.com/bid/10370

Resource:

vdb-entry

x_refsource_BID

x_transferred

Hyperlink: http://www.mandriva.com/security/advisories?name=MDKSA-2004:045

Resource:

vendor-advisory

x_refsource_MANDRAKE

x_transferred

Hyperlink: http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=120060

Resource:

x_refsource_CONFIRM

x_transferred

Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/16178

Resource:

vdb-entry

x_refsource_XF

x_transferred

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:cve@mitre.org

Published At:31 Dec, 2004 | 05:00

Updated At:03 Apr, 2025 | 01:03

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	2.0	2.1	LOW	AV:L/AC:L/Au:N/C:N/I:P/A:N

Type: Primary

Version: 2.0

Base score: 2.1

Base severity: LOW

Vector:

AV:L/AC:L/Au:N/C:N/I:P/A:N

CPE Matches

Mandriva (Mandrakesoft)

>>mandrake_multi_network_firewall>>8.2

cpe:2.3:a:mandrakesoft:mandrake_multi_network_firewall:8.2:*:*:*:*:*:*:*

Mandriva (Mandrakesoft)

>>mandrake_linux>>8.2

cpe:2.3:o:mandrakesoft:mandrake_linux:8.2:*:*:*:*:*:*:*

Mandriva (Mandrakesoft)

>>mandrake_linux>>8.2

cpe:2.3:o:mandrakesoft:mandrake_linux:8.2:*:ppc:*:*:*:*:*

Mandriva (Mandrakesoft)

>>mandrake_linux>>9.0

cpe:2.3:o:mandrakesoft:mandrake_linux:9.0:*:*:*:*:*:*:*

Mandriva (Mandrakesoft)

>>mandrake_linux>>9.1

cpe:2.3:o:mandrakesoft:mandrake_linux:9.1:*:*:*:*:*:*:*

Mandriva (Mandrakesoft)

>>mandrake_linux>>9.1

cpe:2.3:o:mandrakesoft:mandrake_linux:9.1:*:ppc:*:*:*:*:*

Mandriva (Mandrakesoft)

>>mandrake_linux>>9.2

cpe:2.3:o:mandrakesoft:mandrake_linux:9.2:*:*:*:*:*:*:*

Mandriva (Mandrakesoft)

>>mandrake_linux>>9.2

cpe:2.3:o:mandrakesoft:mandrake_linux:9.2:*:amd64:*:*:*:*:*

Mandriva (Mandrakesoft)

>>mandrake_linux>>10.0

cpe:2.3:o:mandrakesoft:mandrake_linux:10.0:*:*:*:*:*:*:*

Mandriva (Mandrakesoft)

>>mandrake_linux_corporate_server>>2.1

cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:*:*:*:*:*:*

Mandriva (Mandrakesoft)

>>mandrake_linux_corporate_server>>2.1

cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:x86_64:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
NVD-CWE-Other	Primary	nvd@nist.gov

CWE ID: NVD-CWE-Other

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=120060	cve@mitre.org	Patch
http://www.mandriva.com/security/advisories?name=MDKSA-2004:045	cve@mitre.org	Patch Vendor Advisory
http://www.securityfocus.com/bid/10370	cve@mitre.org	Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/16178	cve@mitre.org	N/A
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=120060	af854a3a-2127-422b-91ae-364da2661108	Patch
http://www.mandriva.com/security/advisories?name=MDKSA-2004:045	af854a3a-2127-422b-91ae-364da2661108	Patch Vendor Advisory
http://www.securityfocus.com/bid/10370	af854a3a-2127-422b-91ae-364da2661108	Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/16178	af854a3a-2127-422b-91ae-364da2661108	N/A

Hyperlink: http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=120060

Source: cve@mitre.org

Resource:

Patch

Hyperlink: http://www.mandriva.com/security/advisories?name=MDKSA-2004:045

Source: cve@mitre.org

Resource:

Patch

Vendor Advisory

Hyperlink: http://www.securityfocus.com/bid/10370

Source: cve@mitre.org

Resource:

Patch

Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/16178

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=120060

Source: af854a3a-2127-422b-91ae-364da2661108

Resource:

Patch

Hyperlink: http://www.mandriva.com/security/advisories?name=MDKSA-2004:045

Source: af854a3a-2127-422b-91ae-364da2661108

Resource:

Patch

Vendor Advisory

Hyperlink: http://www.securityfocus.com/bid/10370

Source: af854a3a-2127-422b-91ae-364da2661108

Resource:

Patch

Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/16178

Source: af854a3a-2127-422b-91ae-364da2661108

Resource: N/A

Similar CVEs

9Records found

CVE-2004-0497

Matching Score-8

Assigner-MITRE Corporation

View Details

Matching Score-8

Assigner-MITRE Corporation

CVSS Score-2.1||LOW

EPSS-0.29% / 52.21%

7 Day CHG~0.00%

Published-06 Jul, 2004 | 04:00

Updated-03 Apr, 2025 | 01:03

Unknown vulnerability in Linux kernel 2.x may allow local users to modify the group ID of files, such as NFS exported files in kernel 2.4.

Vendor-trustix conectiva n/a Linux Kernel Organization, Inc Gentoo Foundation, Inc.SUSE Red Hat, Inc.Mandriva (Mandrakesoft)

Product-linux_kernel secure_linux mandrake_linux_corporate_server mandrake_multi_network_firewall suse_linux linux enterprise_linux mandrake_linux n/a

CVE-2004-0975

Matching Score-8

Assigner-MITRE Corporation

View Details

Matching Score-8

Assigner-MITRE Corporation

CVSS Score-2.1||LOW

EPSS-0.07% / 22.14%

7 Day CHG~0.00%

Published-20 Oct, 2004 | 04:00

Updated-03 Apr, 2025 | 01:03

The der_chop script in the openssl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to overwrite files via a symlink attack on temporary files.

Vendor-n/a OpenSSL Gentoo Foundation, Inc.Mandriva (Mandrakesoft)

Product-mandrake_linux_corporate_server mandrake_multi_network_firewall openssl linux mandrake_linux n/a

CVE-2004-0974

Matching Score-8

Assigner-MITRE Corporation

View Details

Matching Score-8

Assigner-MITRE Corporation

CVSS Score-2.1||LOW

EPSS-0.10% / 28.93%

7 Day CHG~0.00%

Published-20 Oct, 2004 | 04:00

Updated-03 Apr, 2025 | 01:03

The netatalk package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.

Vendor-netatalk n/a Red Hat, Inc.Mandriva (Mandrakesoft)

Product-fedora_core open_source_apple_file_share_protocol_suite mandrake_linux_corporate_server mandrake_linux n/a

CVE-2004-0559

Matching Score-8

Assigner-MITRE Corporation

View Details

Matching Score-8

Assigner-MITRE Corporation

CVSS Score-2.1||LOW

EPSS-0.07% / 22.43%

7 Day CHG~0.00%

Published-24 Sep, 2004 | 04:00

Updated-03 Apr, 2025 | 01:03

The maketemp.pl script in Usermin 1.070 and 1.080 allows local users to overwrite arbitrary files at install time via a symlink attack on the /tmp/.usermin directory.

Vendor-usermin n/a Webmin Mandriva (Mandrakesoft)

Product-usermin mandrake_linux_corporate_server webmin mandrake_linux n/a

CVE-2001-0736

Matching Score-8

Assigner-MITRE Corporation

View Details

Matching Score-8

Assigner-MITRE Corporation

CVSS Score-2.1||LOW

EPSS-0.17% / 39.20%

7 Day CHG~0.00%

Published-12 Oct, 2001 | 04:00

Updated-03 Apr, 2025 | 01:03

Vulnerability in (1) pine before 4.33 and (2) the pico editor, included with pine, allows local users local users to overwrite arbitrary files via a symlink attack.

Vendor-immunix engardelinux university_of_washington n/a Red Hat, Inc.Mandriva (Mandrakesoft)

Product-pine mandrake_linux_corporate_server immunix linux secure_linux mandrake_linux n/a

CVE-2001-0474

Matching Score-8

Assigner-MITRE Corporation

View Details

Matching Score-8

Assigner-MITRE Corporation

CVSS Score-2.1||LOW

EPSS-0.14% / 34.31%

7 Day CHG~0.00%

Published-18 Sep, 2001 | 04:00

Updated-03 Apr, 2025 | 01:03

Utah-glx in Mesa before 3.3-14 on Mandrake Linux 7.2 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/glxmemory file.

Vendor-brian_paul n/a Mandriva (Mandrakesoft)

Product-mesa mandrake_linux n/a

CVE-2001-0169

Matching Score-8

Assigner-MITRE Corporation

View Details

Matching Score-8

Assigner-MITRE Corporation

CVSS Score-2.1||LOW

EPSS-0.14% / 34.97%

7 Day CHG~0.00%

Published-07 May, 2001 | 04:00

Updated-03 Apr, 2025 | 01:03

When using the LD_PRELOAD environmental variable in SUID or SGID applications, glibc does not verify that preloaded libraries in /etc/ld.so.cache are also SUID/SGID, which could allow a local user to overwrite arbitrary files by loading a library from /lib or /usr/lib.