MidnightBSD

Advisories for don_libes

CVE-2001-1374 HIGH

expect before 5.32 searches for its libraries in /var/tmp before other directories, which could allow local users to gain root privileges via a Trojan horse library that is accessed by mkpasswd.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
don_libes expect 5.17
don_libes expect 5.18
don_libes expect 5.25
don_libes expect 5.19
don_libes expect 5.23
don_libes expect 3
don_libes expect 5.13
conectiva linux 6.0
don_libes expect 5.7
don_libes expect 1
don_libes expect 5.2
don_libes expect 5.6
don_libes expect 5.29
don_libes expect 5.28
don_libes expect 4
don_libes expect 5.16
don_libes expect 2
don_libes expect 5.14
don_libes expect 5.10
don_libes expect 5.11
don_libes expect 5.9
don_libes expect 5.27
don_libes expect 5.4
don_libes expect 5.26
don_libes expect 0
don_libes expect 5.1
don_libes expect 5.12
don_libes expect 5.8
don_libes expect 5.3
don_libes expect 5.20
don_libes expect 5.24
don_libes expect 5.0
don_libes expect 5.21
don_libes expect 5.22
redhat linux 7.0
conectiva linux 7.0
don_libes expect 5.5
don_libes expect 5.31
don_libes expect 5.30
don_libes expect 5.15

CVE-2001-1467 HIGH

mkpasswd in expect 5.2.8, as used by Red Hat Linux 6.2 through 7.0, seeds its random number generator with its process ID, which limits the space of possible seeds and makes it easier for attackers to conduct brute force password attacks.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
don_libes expect 5.2.8