CVE-2003-0476

The execve system call in Linux 2.4.x records the file descriptor of the executable process in the file table of the calling process, which allows local users to gain read access to restricted file descriptors.

CVSS v2.0 2.1 LOW

2.1^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://www.redhat.com/support/errata/RHSA-2003-368.html	Patch Vendor Advisory
http://www.debian.org/security/2004/dsa-423	Patch Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2003-238.html
http://www.redhat.com/support/errata/RHSA-2003-408.html
http://www.debian.org/security/2004/dsa-358
http://www.mandriva.com/security/advisories?name=MDKSA-2003:074
http://marc.info/?l=bugtraq&m=105664924024009&w=2
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A327

Advertisement

Configurations

Configuration 1 (hide)

cpe:2.3:o:linux:linux_kernel:2.4.0:*:*:*:*:*:*:*

Information

Published : 2003-08-06 21:00

Updated : 2018-05-02 18:29

NVD link : CVE-2003-0476

Mitre link : CVE-2003-0476

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

linux

linux_kernel

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.redhat.com/support/errata/RHSA-2003-368.html", "name": "RHSA-2003:368", "tags": ["Patch", "Vendor Advisory"], "refsource": "REDHAT"}, {"url": "http://www.debian.org/security/2004/dsa-423", "name": "DSA-423", "tags": ["Patch", "Vendor Advisory"], "refsource": "DEBIAN"}, {"url": "http://www.redhat.com/support/errata/RHSA-2003-238.html", "name": "RHSA-2003:238", "tags": [], "refsource": "REDHAT"}, {"url": "http://www.redhat.com/support/errata/RHSA-2003-408.html", "name": "RHSA-2003:408", "tags": [], "refsource": "REDHAT"}, {"url": "http://www.debian.org/security/2004/dsa-358", "name": "DSA-358", "tags": [], "refsource": "DEBIAN"}, {"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:074", "name": "MDKSA-2003:074", "tags": [], "refsource": "MANDRAKE"}, {"url": "http://marc.info/?l=bugtraq&m=105664924024009&w=2", "name": "20030626 Linux 2.4.x execve() file read race vulnerability", "tags": [], "refsource": "BUGTRAQ"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A327", "name": "oval:org.mitre.oval:def:327", "tags": [], "refsource": "OVAL"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The execve system call in Linux 2.4.x records the file descriptor of the executable process in the file table of the calling process, which allows local users to gain read access to restricted file descriptors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2003-0476", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "severity": "LOW", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2003-08-07T04:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-05-03T01:29Z"}