Vulnerability Description
Vulnerability in OpenBSD 3.0, when using YP with netgroups in the password database, causes (1) rexec or (2) rsh to run another user's shell, or (3) atrun to change to a different user's directory, possibly due to memory allocation failures or an incorrect call to auth_approval().
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Openbsd | Openbsd | 3.0 |
References
- http://www.iss.net/security_center/static/8625.phpPatchVendor Advisory
- http://www.openbsd.org/errata30.html#approval
- http://www.securityfocus.com/bid/4338PatchVendor Advisory
- http://www.iss.net/security_center/static/8625.phpPatchVendor Advisory
- http://www.openbsd.org/errata30.html#approval
- http://www.securityfocus.com/bid/4338PatchVendor Advisory
FAQ
What is CVE-2002-0557?
CVE-2002-0557 is a vulnerability with a CVSS score of 7.5 (HIGH). Vulnerability in OpenBSD 3.0, when using YP with netgroups in the password database, causes (1) rexec or (2) rsh to run another user's shell, or (3) atrun to change to a different user's directory, po...
How severe is CVE-2002-0557?
CVE-2002-0557 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2002-0557?
Check the references section above for vendor advisories and patch information. Affected products include: Openbsd Openbsd.