← Back

Expect

expect

Vendor: Don Libes • 2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2001-1374
3Conectiva
Don LibesRedhat
3Expect
LinuxLinux
Apr 16, 2026
Jul 19, 2001
N/A· v4
N/A· v3
7.2 HIGH· v2
expect before 5.32 searches for its libraries in /var/tmp before other directories, which could allow local users to gain root privileges via a Trojan horse library that is accessed by mkpasswd.
CVE-2001-1467
1Don Libes
1Expect
Apr 16, 2026
Apr 11, 2001
N/A· v4
N/A· v3
7.5 HIGH· v2
mkpasswd in expect 5.2.8, as used by Red Hat Linux 6.2 through 7.0, seeds its random number generator with its process ID, which limits the space of possible seeds and makes it easier for attackers to conduct brute force...Show more
mkpasswd in expect 5.2.8, as used by Red Hat Linux 6.2 through 7.0, seeds its random number generator with its process ID, which limits the space of possible seeds and makes it easier for attackers to conduct brute force password attacks.Show less