CVE-2002-0875 - OpenCVE

Vulnerability in FAM 2.6.8, 2.6.6, and other versions allows unprivileged users to obtain the names of files whose access is restricted to the root group.

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:L/AC:L/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Debian	Debian Linux
Sgi	Irix Fam

Configuration 1 [-]

OR	cpe:2.3:a:sgi:fam:2.6.6:::::::*
	cpe:2.3:a:sgi:fam:2.6.8:::::::*
	cpe:2.3:o:sgi:irix:6.5.15:::::::*
	cpe:2.3:o:sgi:irix:6.5.16:::::::*
	cpe:2.3:o:sgi:irix:6.5.17:::::::*

Configuration 2 [-]

cpe:2.3:o:debian:debian_linux:3.0:*:*:*:*:*:*:*

References

Link	Resource
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02:05.asc
ftp://patches.sgi.com/support/free/security/advisories/20000301-03-I
http://www.debian.org/security/2002/dsa-154	Patch Vendor Advisory
http://www.iss.net/security_center/static/9880.php
http://www.redhat.com/support/errata/RHSA-2005-005.html
http://www.securityfocus.com/bid/5487

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2003-04-02T05:00:00

Updated: 2003-03-25T00:00:00

Reserved: 2002-08-16T00:00:00

Link: CVE-2002-0875

JSON object: View

NVD Information

Status : Analyzed

Published: 2002-09-05T04:00:00.000

Modified: 2008-09-10T19:13:05.663

Link: CVE-2002-0875

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2002-08-16T00:00:00", "descriptions": [{"lang": "en", "value": "Vulnerability in FAM 2.6.8, 2.6.6, and other versions allows unprivileged users to obtain the names of files whose access is restricted to the root group."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2003-03-25T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "FreeBSD-SN-02:05", "tags": ["vendor-advisory", "x_refsource_FREEBSD"], "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02:05.asc"}, {"name": "RHSA-2005:005", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2005-005.html"}, {"name": "20000301-03-I", "tags": ["vendor-advisory", "x_refsource_SGI"], "url": "ftp://patches.sgi.com/support/free/security/advisories/20000301-03-I"}, {"name": "sgi-fam-insecure-permissions(9880)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "http://www.iss.net/security_center/static/9880.php"}, {"name": "DSA-154", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2002/dsa-154"}, {"name": "5487", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/5487"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2002-0875", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Vulnerability in FAM 2.6.8, 2.6.6, and other versions allows unprivileged users to obtain the names of files whose access is restricted to the root group."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "FreeBSD-SN-02:05", "refsource": "FREEBSD", "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02:05.asc"}, {"name": "RHSA-2005:005", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2005-005.html"}, {"name": "20000301-03-I", "refsource": "SGI", "url": "ftp://patches.sgi.com/support/free/security/advisories/20000301-03-I"}, {"name": "sgi-fam-insecure-permissions(9880)", "refsource": "XF", "url": "http://www.iss.net/security_center/static/9880.php"}, {"name": "DSA-154", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2002/dsa-154"}, {"name": "5487", "refsource": "BID", "url": "http://www.securityfocus.com/bid/5487"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2002-0875", "datePublished": "2003-04-02T05:00:00", "dateReserved": "2002-08-16T00:00:00", "dateUpdated": "2003-03-25T00:00:00", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sgi:fam:2.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "E20CC5D1-D526-476C-926A-3A7A125A7351", "vulnerable": true}, {"criteria": "cpe:2.3:a:sgi:fam:2.6.8:*:*:*:*:*:*:*", "matchCriteriaId": "4A26F49E-EACD-4CE3-86E6-F76E9DADCEB2", "vulnerable": true}, {"criteria": "cpe:2.3:o:sgi:irix:6.5.15:*:*:*:*:*:*:*", "matchCriteriaId": "6BD69805-D021-4DCC-9FB6-A0BEA721408A", "vulnerable": true}, {"criteria": "cpe:2.3:o:sgi:irix:6.5.16:*:*:*:*:*:*:*", "matchCriteriaId": "B13C07CC-F615-4F30-B532-4BF6F02F84DF", "vulnerable": true}, {"criteria": "cpe:2.3:o:sgi:irix:6.5.17:*:*:*:*:*:*:*", "matchCriteriaId": "8BE3F77A-909E-4947-A808-BCAB7F96A108", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "2CAE037F-111C-4A76-8FFE-716B74D65EF3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Vulnerability in FAM 2.6.8, 2.6.6, and other versions allows unprivileged users to obtain the names of files whose access is restricted to the root group."}, {"lang": "es", "value": "Vulnerabilidad en FAM 2.6.8, 2.6.6 y otras versiones permite a usuarios sin privilegios obtener los nombres de ficheros cuyo acceso est\u00e1 restringido al grupo de root"}], "id": "CVE-2002-0875", "lastModified": "2008-09-10T19:13:05.663", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2002-09-05T04:00:00.000", "references": [{"source": "cve@mitre.org", "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02:05.asc"}, {"source": "cve@mitre.org", "url": "ftp://patches.sgi.com/support/free/security/advisories/20000301-03-I"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.debian.org/security/2002/dsa-154"}, {"source": "cve@mitre.org", "url": "http://www.iss.net/security_center/static/9880.php"}, {"source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2005-005.html"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/5487"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}