cvelistv5 - cve-2003-0084

CVE-2003-0084 (GCVE-0-2003-0084)

Vulnerability from cvelistv5 – Published: 2003-04-29 04:00 – Updated: 2024-08-08 01:43

Summary

mod_auth_any package in Red Hat Enterprise Linux 2.1 and other operating systems does not properly escape arguments when calling other programs, which allows attackers to execute arbitrary commands via shell metacharacters.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://www.itlab.musc.edu/webNIS/mod_auth_any.html	x_refsource_CONFIRM
	http://www.redhat.com/support/errata/RHSA-2003-113.html	vendor-advisoryx_refsource_REDHAT
	http://rhn.redhat.com/errata/RHSA-2003-114.html	vendor-advisoryx_refsource_REDHAT
	http://www.ciac.org/ciac/bulletins/n-090.shtml	third-party-advisorygovernment-resourcex_refsource_CIAC
	http://www.securityfocus.com/bid/7448	vdb-entryx_refsource_BID
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T01:43:36.020Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.itlab.musc.edu/webNIS/mod_auth_any.html"
          },
          {
            "name": "RHSA-2003:113",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2003-113.html"
          },
          {
            "name": "RHSA-2003:114",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2003-114.html"
          },
          {
            "name": "N-090",
            "tags": [
              "third-party-advisory",
              "government-resource",
              "x_refsource_CIAC",
              "x_transferred"
            ],
            "url": "http://www.ciac.org/ciac/bulletins/n-090.shtml"
          },
          {
            "name": "7448",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/7448"
          },
          {
            "name": "modauthany-command-execution(11893)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11893"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2003-04-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "mod_auth_any package in Red Hat Enterprise Linux 2.1 and other operating systems does not properly escape arguments when calling other programs, which allows attackers to execute arbitrary commands via shell metacharacters."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-10T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.itlab.musc.edu/webNIS/mod_auth_any.html"
        },
        {
          "name": "RHSA-2003:113",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2003-113.html"
        },
        {
          "name": "RHSA-2003:114",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2003-114.html"
        },
        {
          "name": "N-090",
          "tags": [
            "third-party-advisory",
            "government-resource",
            "x_refsource_CIAC"
          ],
          "url": "http://www.ciac.org/ciac/bulletins/n-090.shtml"
        },
        {
          "name": "7448",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/7448"
        },
        {
          "name": "modauthany-command-execution(11893)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11893"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2003-0084",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "mod_auth_any package in Red Hat Enterprise Linux 2.1 and other operating systems does not properly escape arguments when calling other programs, which allows attackers to execute arbitrary commands via shell metacharacters."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.itlab.musc.edu/webNIS/mod_auth_any.html",
              "refsource": "CONFIRM",
              "url": "http://www.itlab.musc.edu/webNIS/mod_auth_any.html"
            },
            {
              "name": "RHSA-2003:113",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2003-113.html"
            },
            {
              "name": "RHSA-2003:114",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2003-114.html"
            },
            {
              "name": "N-090",
              "refsource": "CIAC",
              "url": "http://www.ciac.org/ciac/bulletins/n-090.shtml"
            },
            {
              "name": "7448",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/7448"
            },
            {
              "name": "modauthany-command-execution(11893)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11893"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2003-0084",
    "datePublished": "2003-04-29T04:00:00",
    "dateReserved": "2003-02-10T00:00:00",
    "dateUpdated": "2024-08-08T01:43:36.020Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mod_auth_any:mod_auth_any:1.2.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"15E5FAE2-129D-4116-9938-0CEBC871C76E\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"mod_auth_any package in Red Hat Enterprise Linux 2.1 and other operating systems does not properly escape arguments when calling other programs, which allows attackers to execute arbitrary commands via shell metacharacters.\"}, {\"lang\": \"es\", \"value\": \"El paquete mod_auth_any en Red Hat Enterprise Linux 2.1 y otros sistemas operativos no escapa adecuadamente argumentos cuando llama a otros programas, lo que permite a atacantes ejecutar c\\u00f3digo arbitrarios mediante metacaract\\u00e9res de shell.\"}]",
      "id": "CVE-2003-0084",
      "lastModified": "2024-11-20T23:43:54.903",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 7.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": true, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2003-05-12T04:00:00.000",
      "references": "[{\"url\": \"http://rhn.redhat.com/errata/RHSA-2003-114.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.ciac.org/ciac/bulletins/n-090.shtml\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.itlab.musc.edu/webNIS/mod_auth_any.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.redhat.com/support/errata/RHSA-2003-113.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/7448\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/11893\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2003-114.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.ciac.org/ciac/bulletins/n-090.shtml\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.itlab.musc.edu/webNIS/mod_auth_any.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.redhat.com/support/errata/RHSA-2003-113.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/7448\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/11893\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2003-0084\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2003-05-12T04:00:00.000\",\"lastModified\":\"2025-04-03T01:03:51.193\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"mod_auth_any package in Red Hat Enterprise Linux 2.1 and other operating systems does not properly escape arguments when calling other programs, which allows attackers to execute arbitrary commands via shell metacharacters.\"},{\"lang\":\"es\",\"value\":\"El paquete mod_auth_any en Red Hat Enterprise Linux 2.1 y otros sistemas operativos no escapa adecuadamente argumentos cuando llama a otros programas, lo que permite a atacantes ejecutar c\u00f3digo arbitrarios mediante metacaract\u00e9res de shell.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":true,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mod_auth_any:mod_auth_any:1.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"15E5FAE2-129D-4116-9938-0CEBC871C76E\"}]}]}],\"references\":[{\"url\":\"http://rhn.redhat.com/errata/RHSA-2003-114.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.ciac.org/ciac/bulletins/n-090.shtml\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.itlab.musc.edu/webNIS/mod_auth_any.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2003-113.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/7448\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/11893\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2003-114.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.ciac.org/ciac/bulletins/n-090.shtml\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.itlab.musc.edu/webNIS/mod_auth_any.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2003-113.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/7448\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/11893\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

RHSA-2003:113

Vulnerability from csaf_redhat - Published: 2003-05-02 11:57 - Updated: 2025-11-21 17:25

Summary

Red Hat Security Advisory: : Updated mod_auth_any packages available

Notes

Topic

Updated mod_auth_any packages are now available for Red Hat Linux.

Details

mod_auth_any is a Web server module that allows the Apache httpd server to call arbitrary external programs to verify user passwords. Vulnerabilities have been found in the way mod_auth_any escapes shell arguments when calling external programs. Versions of mod_auth_any included in Red Hat Linux 7.2 and 7.3 are affected. These vulnerabilities allow remote attackers to run arbitrary commands as the user under which the Web server is running. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0084 to these issues. All users are advised to upgrade to these errata packages, which address these vulnerabilities by changing the method by which external programs are invoked. Note: This updated module is more careful in checking the results of the AuthAnyUserProg. Previous versions did not distinguish between the program outputting nothing due to success or a crash. This replacement version treats a zero-length result as if it were an "Authentication Error," and expects the program to output a valid username on success. Red Hat would like to thank Daniel Jarboe and Maneesh Sahani for bringing these issues to our attention.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated mod_auth_any packages are now available for Red Hat Linux.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "mod_auth_any is a Web server module that allows the Apache httpd server to\ncall arbitrary external programs to verify user passwords.\n\nVulnerabilities have been found in the way mod_auth_any escapes shell\narguments when calling external programs. Versions of mod_auth_any included\nin Red Hat Linux 7.2 and 7.3 are affected.  These vulnerabilities\nallow remote attackers to run arbitrary commands as the user under which\nthe Web server is running.  The Common Vulnerabilities and Exposures\nproject (cve.mitre.org) has assigned the name CAN-2003-0084 to these issues.\n\nAll users are advised to upgrade to these errata packages, which address\nthese vulnerabilities by changing the method by which external programs are\ninvoked.\n\nNote: This updated module is more careful in checking the results of the\nAuthAnyUserProg. Previous versions did not distinguish between the program\noutputting nothing due to success or a crash.  This replacement version\ntreats a zero-length result as if it were an \"Authentication Error,\" and\nexpects the program to output a valid username on success.  \n\nRed Hat would like to thank Daniel Jarboe and Maneesh Sahani for bringing\nthese issues to our attention.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2003:113",
        "url": "https://access.redhat.com/errata/RHSA-2003:113"
      },
      {
        "category": "external",
        "summary": "77414",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=77414"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2003/rhsa-2003_113.json"
      }
    ],
    "title": "Red Hat Security Advisory: : Updated mod_auth_any packages available",
    "tracking": {
      "current_release_date": "2025-11-21T17:25:53+00:00",
      "generator": {
        "date": "2025-11-21T17:25:53+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.12"
        }
      },
      "id": "RHSA-2003:113",
      "initial_release_date": "2003-05-02T11:57:00+00:00",
      "revision_history": [
        {
          "date": "2003-05-02T11:57:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2003-05-02T00:00:00+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-11-21T17:25:53+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Linux 7.2",
                "product": {
                  "name": "Red Hat Linux 7.2",
                  "product_id": "Red Hat Linux 7.2",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:linux:7.2"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Linux 7.3",
                "product": {
                  "name": "Red Hat Linux 7.3",
                  "product_id": "Red Hat Linux 7.3",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:linux:7.3"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Linux"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2003-0084",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1616962"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "mod_auth_any package in Red Hat Enterprise Linux 2.1 and other operating systems does not properly escape arguments when calling other programs, which allows attackers to execute arbitrary commands via shell metacharacters.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Linux 7.2",
          "Red Hat Linux 7.3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2003-0084"
        },
        {
          "category": "external",
          "summary": "RHBZ#1616962",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616962"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2003-0084",
          "url": "https://www.cve.org/CVERecord?id=CVE-2003-0084"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2003-0084",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2003-0084"
        }
      ],
      "release_date": "2003-04-28T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2003-05-02T11:57:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade.  Only those\nRPMs which are currently installed will be updated.  Those RPMs which are\nnot installed but included in the list will not be updated.  Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains the\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network.  Many\npeople find this an easier way to apply updates.  To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
          "product_ids": [
            "Red Hat Linux 7.2",
            "Red Hat Linux 7.3"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2003:113"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "security flaw"
    }
  ]
}

RHSA-2003_113

Vulnerability from csaf_redhat - Published: 2003-05-02 11:57 - Updated: 2024-11-21 22:43

Summary

Red Hat Security Advisory: : Updated mod_auth_any packages available

Notes

Topic

Updated mod_auth_any packages are now available for Red Hat Linux.

Details

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated mod_auth_any packages are now available for Red Hat Linux.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "mod_auth_any is a Web server module that allows the Apache httpd server to\ncall arbitrary external programs to verify user passwords.\n\nVulnerabilities have been found in the way mod_auth_any escapes shell\narguments when calling external programs. Versions of mod_auth_any included\nin Red Hat Linux 7.2 and 7.3 are affected.  These vulnerabilities\nallow remote attackers to run arbitrary commands as the user under which\nthe Web server is running.  The Common Vulnerabilities and Exposures\nproject (cve.mitre.org) has assigned the name CAN-2003-0084 to these issues.\n\nAll users are advised to upgrade to these errata packages, which address\nthese vulnerabilities by changing the method by which external programs are\ninvoked.\n\nNote: This updated module is more careful in checking the results of the\nAuthAnyUserProg. Previous versions did not distinguish between the program\noutputting nothing due to success or a crash.  This replacement version\ntreats a zero-length result as if it were an \"Authentication Error,\" and\nexpects the program to output a valid username on success.  \n\nRed Hat would like to thank Daniel Jarboe and Maneesh Sahani for bringing\nthese issues to our attention.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2003:113",
        "url": "https://access.redhat.com/errata/RHSA-2003:113"
      },
      {
        "category": "external",
        "summary": "77414",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=77414"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2003/rhsa-2003_113.json"
      }
    ],
    "title": "Red Hat Security Advisory: : Updated mod_auth_any packages available",
    "tracking": {
      "current_release_date": "2024-11-21T22:43:43+00:00",
      "generator": {
        "date": "2024-11-21T22:43:43+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2003:113",
      "initial_release_date": "2003-05-02T11:57:00+00:00",
      "revision_history": [
        {
          "date": "2003-05-02T11:57:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2003-05-02T00:00:00+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-21T22:43:43+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Linux 7.2",
                "product": {
                  "name": "Red Hat Linux 7.2",
                  "product_id": "Red Hat Linux 7.2",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:linux:7.2"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Linux 7.3",
                "product": {
                  "name": "Red Hat Linux 7.3",
                  "product_id": "Red Hat Linux 7.3",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:linux:7.3"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Linux"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2003-0084",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1616962"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "mod_auth_any package in Red Hat Enterprise Linux 2.1 and other operating systems does not properly escape arguments when calling other programs, which allows attackers to execute arbitrary commands via shell metacharacters.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Linux 7.2",
          "Red Hat Linux 7.3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2003-0084"
        },
        {
          "category": "external",
          "summary": "RHBZ#1616962",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616962"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2003-0084",
          "url": "https://www.cve.org/CVERecord?id=CVE-2003-0084"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2003-0084",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2003-0084"
        }
      ],
      "release_date": "2003-04-28T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2003-05-02T11:57:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade.  Only those\nRPMs which are currently installed will be updated.  Those RPMs which are\nnot installed but included in the list will not be updated.  Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains the\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network.  Many\npeople find this an easier way to apply updates.  To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
          "product_ids": [
            "Red Hat Linux 7.2",
            "Red Hat Linux 7.3"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2003:113"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "security flaw"
    }
  ]
}

RHSA-2003:114

Vulnerability from csaf_redhat - Published: 2003-04-28 12:51 - Updated: 2025-11-21 17:25

Summary

Red Hat Security Advisory: mod_auth_any security update

Notes

Topic

Updated mod_auth_any packages are available for Red Hat Enterprise Linux. These updated packages fix vulnerabilities associated with the manner in which mod_auth_any escapes shell arguments when calling external programs.

Details

The Web server module mod_auth_any allows the Apache httpd server to call arbitrary external programs to verify user passwords. Vulnerabilities have been found in versions of mod_auth_any included in Red Hat Enterprise Linux concerning the method by which mod_auth_any escapes shell arguments when calling external programs. These vulnerabilities allow remote attackers to run arbitrary commands as the user under which the Web server is running. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0084 to these issues. All users are advised to upgrade to these errata packages, which change the method by which external programs are invoked and, therefore, make these programs invulnerable to these issues. Red Hat would like to thank Daniel Jarboe and Maneesh Sahani for bringing these issues to our attention.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated mod_auth_any packages are available for Red Hat Enterprise Linux.\nThese updated packages fix vulnerabilities associated with the manner in\nwhich mod_auth_any escapes shell arguments when calling external programs.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The Web server module mod_auth_any allows the Apache httpd server to\ncall arbitrary external programs to verify user passwords.\n\nVulnerabilities have been found in versions of mod_auth_any included in Red\nHat Enterprise Linux concerning the method by which mod_auth_any escapes\nshell arguments when calling external programs.  These vulnerabilities\nallow remote attackers to run arbitrary commands as the user under which\nthe Web server is running.  The Common Vulnerabilities and Exposures\nproject (cve.mitre.org) has assigned the name CAN-2003-0084 to these issues.\n\nAll users are advised to upgrade to these errata packages, which change the\nmethod by which external programs are invoked and, therefore, make these\nprograms invulnerable to these issues.\n\nRed Hat would like to thank Daniel Jarboe and Maneesh Sahani for bringing\nthese issues to our attention.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2003:114",
        "url": "https://access.redhat.com/errata/RHSA-2003:114"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2003/rhsa-2003_114.json"
      }
    ],
    "title": "Red Hat Security Advisory: mod_auth_any security update",
    "tracking": {
      "current_release_date": "2025-11-21T17:25:53+00:00",
      "generator": {
        "date": "2025-11-21T17:25:53+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.12"
        }
      },
      "id": "RHSA-2003:114",
      "initial_release_date": "2003-04-28T12:51:00+00:00",
      "revision_history": [
        {
          "date": "2003-04-28T12:51:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2003-04-28T00:00:00+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-11-21T17:25:53+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
                "product": {
                  "name": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
                  "product_id": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:2.1::as"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Linux Advanced Workstation 2.1",
                "product": {
                  "name": "Red Hat Linux Advanced Workstation 2.1",
                  "product_id": "Red Hat Linux Advanced Workstation 2.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:2.1::aw"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux ES version 2.1",
                "product": {
                  "name": "Red Hat Enterprise Linux ES version 2.1",
                  "product_id": "Red Hat Enterprise Linux ES version 2.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:2.1::es"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux WS version 2.1",
                "product": {
                  "name": "Red Hat Enterprise Linux WS version 2.1",
                  "product_id": "Red Hat Enterprise Linux WS version 2.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:2.1::ws"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2003-0084",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1616962"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "mod_auth_any package in Red Hat Enterprise Linux 2.1 and other operating systems does not properly escape arguments when calling other programs, which allows attackers to execute arbitrary commands via shell metacharacters.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
          "Red Hat Enterprise Linux ES version 2.1",
          "Red Hat Enterprise Linux WS version 2.1",
          "Red Hat Linux Advanced Workstation 2.1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2003-0084"
        },
        {
          "category": "external",
          "summary": "RHBZ#1616962",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616962"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2003-0084",
          "url": "https://www.cve.org/CVERecord?id=CVE-2003-0084"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2003-0084",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2003-0084"
        }
      ],
      "release_date": "2003-04-28T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2003-04-28T12:51:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade.  Only those\nRPMs which are currently installed will be updated.  Those RPMs which are\nnot installed but included in the list will not be updated.  Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains the\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network.  Many\npeople find this an easier way to apply updates.  To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
          "product_ids": [
            "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
            "Red Hat Enterprise Linux ES version 2.1",
            "Red Hat Enterprise Linux WS version 2.1",
            "Red Hat Linux Advanced Workstation 2.1"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2003:114"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "security flaw"
    }
  ]
}

RHSA-2003_114

Vulnerability from csaf_redhat - Published: 2003-04-28 12:51 - Updated: 2024-11-21 22:43

Summary

Red Hat Security Advisory: mod_auth_any security update

Notes

Topic

Details

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated mod_auth_any packages are available for Red Hat Enterprise Linux.\nThese updated packages fix vulnerabilities associated with the manner in\nwhich mod_auth_any escapes shell arguments when calling external programs.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The Web server module mod_auth_any allows the Apache httpd server to\ncall arbitrary external programs to verify user passwords.\n\nVulnerabilities have been found in versions of mod_auth_any included in Red\nHat Enterprise Linux concerning the method by which mod_auth_any escapes\nshell arguments when calling external programs.  These vulnerabilities\nallow remote attackers to run arbitrary commands as the user under which\nthe Web server is running.  The Common Vulnerabilities and Exposures\nproject (cve.mitre.org) has assigned the name CAN-2003-0084 to these issues.\n\nAll users are advised to upgrade to these errata packages, which change the\nmethod by which external programs are invoked and, therefore, make these\nprograms invulnerable to these issues.\n\nRed Hat would like to thank Daniel Jarboe and Maneesh Sahani for bringing\nthese issues to our attention.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2003:114",
        "url": "https://access.redhat.com/errata/RHSA-2003:114"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2003/rhsa-2003_114.json"
      }
    ],
    "title": "Red Hat Security Advisory: mod_auth_any security update",
    "tracking": {
      "current_release_date": "2024-11-21T22:43:47+00:00",
      "generator": {
        "date": "2024-11-21T22:43:47+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2003:114",
      "initial_release_date": "2003-04-28T12:51:00+00:00",
      "revision_history": [
        {
          "date": "2003-04-28T12:51:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2003-04-28T00:00:00+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-21T22:43:47+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
                "product": {
                  "name": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
                  "product_id": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:2.1::as"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Linux Advanced Workstation 2.1",
                "product": {
                  "name": "Red Hat Linux Advanced Workstation 2.1",
                  "product_id": "Red Hat Linux Advanced Workstation 2.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:2.1::aw"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux ES version 2.1",
                "product": {
                  "name": "Red Hat Enterprise Linux ES version 2.1",
                  "product_id": "Red Hat Enterprise Linux ES version 2.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:2.1::es"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux WS version 2.1",
                "product": {
                  "name": "Red Hat Enterprise Linux WS version 2.1",
                  "product_id": "Red Hat Enterprise Linux WS version 2.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:2.1::ws"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2003-0084",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1616962"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "mod_auth_any package in Red Hat Enterprise Linux 2.1 and other operating systems does not properly escape arguments when calling other programs, which allows attackers to execute arbitrary commands via shell metacharacters.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
          "Red Hat Enterprise Linux ES version 2.1",
          "Red Hat Enterprise Linux WS version 2.1",
          "Red Hat Linux Advanced Workstation 2.1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2003-0084"
        },
        {
          "category": "external",
          "summary": "RHBZ#1616962",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616962"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2003-0084",
          "url": "https://www.cve.org/CVERecord?id=CVE-2003-0084"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2003-0084",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2003-0084"
        }
      ],
      "release_date": "2003-04-28T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2003-04-28T12:51:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade.  Only those\nRPMs which are currently installed will be updated.  Those RPMs which are\nnot installed but included in the list will not be updated.  Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains the\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network.  Many\npeople find this an easier way to apply updates.  To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
          "product_ids": [
            "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
            "Red Hat Enterprise Linux ES version 2.1",
            "Red Hat Enterprise Linux WS version 2.1",
            "Red Hat Linux Advanced Workstation 2.1"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2003:114"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "security flaw"
    }
  ]
}

FKIE_CVE-2003-0084

Vulnerability from fkie_nvd - Published: 2003-05-12 04:00 - Updated: 2025-04-03 01:03

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://rhn.redhat.com/errata/RHSA-2003-114.html	Patch, Vendor Advisory
cve@mitre.org	http://www.ciac.org/ciac/bulletins/n-090.shtml
cve@mitre.org	http://www.itlab.musc.edu/webNIS/mod_auth_any.html
cve@mitre.org	http://www.redhat.com/support/errata/RHSA-2003-113.html
cve@mitre.org	http://www.securityfocus.com/bid/7448	Patch, Vendor Advisory
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/11893
af854a3a-2127-422b-91ae-364da2661108	http://rhn.redhat.com/errata/RHSA-2003-114.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.ciac.org/ciac/bulletins/n-090.shtml
af854a3a-2127-422b-91ae-364da2661108	http://www.itlab.musc.edu/webNIS/mod_auth_any.html
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2003-113.html
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/7448	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/11893

Impacted products

	Vendor	Product	Version
	mod_auth_any	mod_auth_any	1.2.2

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mod_auth_any:mod_auth_any:1.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "15E5FAE2-129D-4116-9938-0CEBC871C76E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "mod_auth_any package in Red Hat Enterprise Linux 2.1 and other operating systems does not properly escape arguments when calling other programs, which allows attackers to execute arbitrary commands via shell metacharacters."
    },
    {
      "lang": "es",
      "value": "El paquete mod_auth_any en Red Hat Enterprise Linux 2.1 y otros sistemas operativos no escapa adecuadamente argumentos cuando llama a otros programas, lo que permite a atacantes ejecutar c\u00f3digo arbitrarios mediante metacaract\u00e9res de shell."
    }
  ],
  "id": "CVE-2003-0084",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": true,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2003-05-12T04:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2003-114.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.ciac.org/ciac/bulletins/n-090.shtml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.itlab.musc.edu/webNIS/mod_auth_any.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2003-113.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/7448"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11893"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2003-114.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ciac.org/ciac/bulletins/n-090.shtml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.itlab.musc.edu/webNIS/mod_auth_any.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2003-113.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/7448"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11893"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2003-0084

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2003-0084

Aliases

CVE-2003-0084

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2003-0084",
    "description": "mod_auth_any package in Red Hat Enterprise Linux 2.1 and other operating systems does not properly escape arguments when calling other programs, which allows attackers to execute arbitrary commands via shell metacharacters.",
    "id": "GSD-2003-0084",
    "references": [
      "https://access.redhat.com/errata/RHSA-2003:114",
      "https://access.redhat.com/errata/RHSA-2003:113"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2003-0084"
      ],
      "details": "mod_auth_any package in Red Hat Enterprise Linux 2.1 and other operating systems does not properly escape arguments when calling other programs, which allows attackers to execute arbitrary commands via shell metacharacters.",
      "id": "GSD-2003-0084",
      "modified": "2023-12-13T01:22:12.841766Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2003-0084",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "mod_auth_any package in Red Hat Enterprise Linux 2.1 and other operating systems does not properly escape arguments when calling other programs, which allows attackers to execute arbitrary commands via shell metacharacters."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://www.itlab.musc.edu/webNIS/mod_auth_any.html",
            "refsource": "CONFIRM",
            "url": "http://www.itlab.musc.edu/webNIS/mod_auth_any.html"
          },
          {
            "name": "RHSA-2003:113",
            "refsource": "REDHAT",
            "url": "http://www.redhat.com/support/errata/RHSA-2003-113.html"
          },
          {
            "name": "RHSA-2003:114",
            "refsource": "REDHAT",
            "url": "http://rhn.redhat.com/errata/RHSA-2003-114.html"
          },
          {
            "name": "N-090",
            "refsource": "CIAC",
            "url": "http://www.ciac.org/ciac/bulletins/n-090.shtml"
          },
          {
            "name": "7448",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/7448"
          },
          {
            "name": "modauthany-command-execution(11893)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11893"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:mod_auth_any:mod_auth_any:1.2.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2003-0084"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "mod_auth_any package in Red Hat Enterprise Linux 2.1 and other operating systems does not properly escape arguments when calling other programs, which allows attackers to execute arbitrary commands via shell metacharacters."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2003:114",
              "refsource": "REDHAT",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2003-114.html"
            },
            {
              "name": "7448",
              "refsource": "BID",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://www.securityfocus.com/bid/7448"
            },
            {
              "name": "RHSA-2003:113",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://www.redhat.com/support/errata/RHSA-2003-113.html"
            },
            {
              "name": "http://www.itlab.musc.edu/webNIS/mod_auth_any.html",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.itlab.musc.edu/webNIS/mod_auth_any.html"
            },
            {
              "name": "N-090",
              "refsource": "CIAC",
              "tags": [],
              "url": "http://www.ciac.org/ciac/bulletins/n-090.shtml"
            },
            {
              "name": "modauthany-command-execution(11893)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11893"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": true,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2017-07-11T01:29Z",
      "publishedDate": "2003-05-12T04:00Z"
    }
  }
}

GHSA-XJX4-PHQJ-92M5

Vulnerability from github – Published: 2022-04-29 01:25 – Updated: 2022-04-29 01:25

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2003-0084"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2003-05-12T04:00:00Z",
    "severity": "HIGH"
  },
  "details": "mod_auth_any package in Red Hat Enterprise Linux 2.1 and other operating systems does not properly escape arguments when calling other programs, which allows attackers to execute arbitrary commands via shell metacharacters.",
  "id": "GHSA-xjx4-phqj-92m5",
  "modified": "2022-04-29T01:25:48Z",
  "published": "2022-04-29T01:25:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2003-0084"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11893"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2003-114.html"
    },
    {
      "type": "WEB",
      "url": "http://www.ciac.org/ciac/bulletins/n-090.shtml"
    },
    {
      "type": "WEB",
      "url": "http://www.itlab.musc.edu/webNIS/mod_auth_any.html"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2003-113.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/7448"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2003-0084 (GCVE-0-2003-0084)

RHSA-2003:113

RHSA-2003_113

RHSA-2003:114

RHSA-2003_114

FKIE_CVE-2003-0084

GSD-2003-0084

GHSA-XJX4-PHQJ-92M5

Tags

Sightings

Nomenclature