CVE-2002-0499

The d_path function in Linux kernel 2.2.20 and earlier, and 2.4.18 and earlier, truncates long pathnames without generating an error, which could allow local users to force programs to perform inappropriate operations on the wrong directories.

CVSS v2.0 2.1 LOW

2.1^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:L/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://www.securityfocus.com/archive/1/264117	Vendor Advisory
http://www.securityfocus.com/bid/4367	Exploit Vendor Advisory
http://www.iss.net/security_center/static/8634.php	Vendor Advisory
http://www.cs.helsinki.fi/linux/linux-kernel/2002-13/0054.html
http://archives.neohapsis.com/archives/vulnwatch/2002-q1/0074.html

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel:2.2.2:::::::*
	cpe:2.3:o:linux:linux_kernel:2.2.20:::::::*
	cpe:2.3:o:linux:linux_kernel:2.2.3:::::::*
	cpe:2.3:o:linux:linux_kernel:2.2.4:::::::*
	cpe:2.3:o:linux:linux_kernel:2.4.14:::::::*
	cpe:2.3:o:linux:linux_kernel:2.4.15:::::::*
	cpe:2.3:o:linux:linux_kernel:2.4.16:::::::*
	cpe:2.3:o:linux:linux_kernel:2.4.17:::::::*
	cpe:2.3:o:linux:linux_kernel:2.2.0:::::::*
	cpe:2.3:o:linux:linux_kernel:2.2.10:::::::*
	cpe:2.3:o:linux:linux_kernel:2.2.17:::::::*
	cpe:2.3:o:linux:linux_kernel:2.2.13:::::::*
	cpe:2.3:o:linux:linux_kernel:2.4.12:::::::*
	cpe:2.3:o:linux:linux_kernel:2.3.0:::::::*
	cpe:2.3:o:linux:linux_kernel:2.2.5:::::::*
	cpe:2.3:o:linux:linux_kernel:2.4.7:::::::*
	cpe:2.3:o:linux:linux_kernel:2.3.99:::::::*
	cpe:2.3:o:linux:linux_kernel:2.4.9:::::::*
	cpe:2.3:o:linux:linux_kernel:2.2.7:::::::*
	cpe:2.3:o:linux:linux_kernel:2.2.1:::::::*
	cpe:2.3:o:linux:linux_kernel:2.2.12:::::::*
	cpe:2.3:o:linux:linux_kernel:2.4.10:::::::*
	cpe:2.3:o:linux:linux_kernel:2.4.0:::::::*
	cpe:2.3:o:linux:linux_kernel:2.4.2:::::::*
	cpe:2.3:o:linux:linux_kernel:2.4.8:::::::*
	cpe:2.3:o:linux:linux_kernel:2.2.19:::::::*
	cpe:2.3:o:linux:linux_kernel:2.4.5:::::::*
	cpe:2.3:o:linux:linux_kernel:2.2.15:::::::*
	cpe:2.3:o:linux:linux_kernel:2.2.14:::::::*
	cpe:2.3:o:linux:linux_kernel:2.2.11:::::::*
	cpe:2.3:o:linux:linux_kernel:2.4.4:::::::*
	cpe:2.3:o:linux:linux_kernel:2.4.6:::::::*
	cpe:2.3:o:linux:linux_kernel:2.2.9:::::::*
	cpe:2.3:o:linux:linux_kernel:2.4.11:::::::*
	cpe:2.3:o:linux:linux_kernel:2.2.6:::::::*
	cpe:2.3:o:linux:linux_kernel:2.4.13:::::::*
	cpe:2.3:o:linux:linux_kernel:2.2.18:::::::*
	cpe:2.3:o:linux:linux_kernel:2.2.8:::::::*
	cpe:2.3:o:linux:linux_kernel:2.2.16:::::::*
	cpe:2.3:o:linux:linux_kernel:2.4.18:::::::*
	cpe:2.3:o:linux:linux_kernel:2.4.3:::::::*
	cpe:2.3:o:linux:linux_kernel:2.4.1:::::::*

Information

Published : 2002-08-11 21:00

Updated : 2008-09-05 13:28

NVD link : CVE-2002-0499

Mitre link : CVE-2002-0499

JSON object : View

CWE

NVD-CWE-Other

Products Affected

linux

linux_kernel

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.securityfocus.com/archive/1/264117", "name": "20020326 d_path() truncating excessive long path name vulnerability", "tags": ["Vendor Advisory"], "refsource": "BUGTRAQ"}, {"url": "http://www.securityfocus.com/bid/4367", "name": "4367", "tags": ["Exploit", "Vendor Advisory"], "refsource": "BID"}, {"url": "http://www.iss.net/security_center/static/8634.php", "name": "linux-dpath-truncate-path(8634)", "tags": ["Vendor Advisory"], "refsource": "XF"}, {"url": "http://www.cs.helsinki.fi/linux/linux-kernel/2002-13/0054.html", "name": "http://www.cs.helsinki.fi/linux/linux-kernel/2002-13/0054.html", "tags": [], "refsource": "MISC"}, {"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q1/0074.html", "name": "20020326 [VulnWatch] d_path() truncating excessive long path name vulnerability", "tags": [], "refsource": "VULNWATCH"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The d_path function in Linux kernel 2.2.20 and earlier, and 2.4.18 and earlier, truncates long pathnames without generating an error, which could allow local users to force programs to perform inappropriate operations on the wrong directories."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2002-0499", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "severity": "LOW", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2002-08-12T04:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.2.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.2.20:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.2.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.2.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.4.14:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.4.15:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.4.16:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.4.17:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.2.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.2.17:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.2.13:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.4.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.2.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.4.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.3.99:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.4.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.2.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.2.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.4.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.4.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.4.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.2.19:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.4.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.2.15:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.2.14:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.2.11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.4.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.4.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.2.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.4.11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.2.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.4.13:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.2.18:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.2.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.2.16:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.4.18:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.4.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.4.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2008-09-05T20:28Z"}

2.1 /10