LAYER: meta
PACKAGE NAME: expect-native
PACKAGE VERSION: 5.45.4
CVE: CVE-2001-1374
CVE STATUS: Patched
CVE SUMMARY: expect before 5.32 searches for its libraries in /var/tmp before other directories, which could allow local users to gain root privileges via a Trojan horse library that is accessed by mkpasswd.
CVSS v2 BASE SCORE: 7.2
CVSS v3 BASE SCORE: 0.0
CVSS v4 BASE SCORE: 0.0
VECTOR: LOCAL
VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2001-1374

LAYER: meta
PACKAGE NAME: expect-native
PACKAGE VERSION: 5.45.4
CVE: CVE-2001-1467
CVE STATUS: Patched
CVE SUMMARY: mkpasswd in expect 5.2.8, as used by Red Hat Linux 6.2 through 7.0, seeds its random number generator with its process ID, which limits the space of possible seeds and makes it easier for attackers to conduct brute force password attacks.
CVSS v2 BASE SCORE: 7.5
CVSS v3 BASE SCORE: 0.0
CVSS v4 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:P/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2001-1467