var-200308-0094
Vulnerability from variot
A race condition in the way env_start and env_end pointers are initialized in the execve system call and used in fs/proc/base.c on Linux 2.4 allows local users to cause a denial of service (crash). ------------ This vulnerability information is a summary of multiple vulnerabilities released at the same time. Please note that the contents of vulnerability information other than the title are included. Therefore, it cannot be read originally setuid It is possible to create an executable file with a bit assigned as a new executable file by changing the owner. As a result, local attackers who exploit this issue cannot read it setuid It is possible to read an executable file with a bit attached. At this time, it has been reported that this issue could potentially be used to execute arbitrary code with elevated privileges.Please refer to the “Overview” for the impact of this vulnerability. The problem lies in the atomicity of placing a target executables file descriptor within the current process descriptor and executing the file. Linux is an open source operating system. The execve() function has the following code (fs/binfmt_elf.c): static int load_elf_binary(struct linux_binprm * bprm, struct pt_regs * regs) { struct file interpreter = NULL; / to shut gcc up / [...] retval = kernel_read(bprm->file, elf_ex.e_phoff, (char ) elf_phdata, size); if (retval < 0) goto out_free_ph; retval = get_unused_fd(); if (retval < 0) goto out_free_ph; get_file(bprm- >file); fd_install(elf_exec_fileno = retval, bprm->file); When executing a new binary program, put the open executable file descriptor into the file table of the current process (current execve() caller), and execute . This allows an attacker to read the contents of the suid program (even if the attacker does not have permission to read)
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200308-0094", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "kernel", "scope": "eq", "trust": 1.9, "vendor": "linux", "version": "2.4.4" }, { "model": "kernel", "scope": "eq", "trust": 1.9, "vendor": "linux", "version": "2.4.3" }, { "model": "kernel", "scope": "eq", "trust": 1.9, "vendor": "linux", "version": "2.4.2" }, { "model": "kernel", "scope": "eq", "trust": 1.9, "vendor": "linux", "version": "2.4.1" }, { "model": "kernel", "scope": "eq", "trust": 1.6, "vendor": "linux", "version": "2.4.0" }, { "model": "kernel", "scope": "eq", "trust": 1.3, "vendor": "linux", "version": "2.4.21" }, { "model": "kernel", "scope": "eq", "trust": 1.3, "vendor": "linux", "version": "2.4.20" }, { "model": "kernel", "scope": "eq", "trust": 1.3, "vendor": "linux", "version": "2.4.19" }, { "model": "kernel", "scope": "eq", "trust": 1.3, "vendor": "linux", "version": "2.4.18" }, { "model": "kernel", "scope": "eq", "trust": 1.3, "vendor": "linux", "version": "2.4.17" }, { "model": "kernel", "scope": "eq", "trust": 1.3, "vendor": "linux", "version": "2.4.16" }, { "model": "kernel", "scope": "eq", "trust": 1.3, "vendor": "linux", "version": "2.4.15" }, { "model": "kernel", "scope": "eq", "trust": 1.3, "vendor": "linux", "version": "2.4.14" }, { "model": "kernel", "scope": "eq", "trust": 1.3, "vendor": "linux", "version": "2.4.13" }, { "model": "kernel", "scope": "eq", "trust": 1.3, "vendor": "linux", "version": "2.4.12" }, { "model": "kernel", "scope": "eq", "trust": 1.3, "vendor": "linux", "version": "2.4.11" }, { "model": "kernel", "scope": "eq", "trust": 1.3, "vendor": "linux", "version": "2.4.10" }, { "model": "kernel", "scope": "eq", "trust": 1.3, "vendor": "linux", "version": "2.4.9" }, { "model": "kernel", "scope": "eq", "trust": 1.3, "vendor": "linux", "version": "2.4.8" }, { "model": "kernel", "scope": "eq", "trust": 1.3, "vendor": "linux", "version": "2.4.7" }, { "model": "kernel", "scope": "eq", "trust": 1.3, "vendor": "linux", "version": "2.4.6" }, { "model": "kernel", "scope": "eq", "trust": 1.3, "vendor": "linux", "version": "2.4.5" }, { "model": "mandrake linux", "scope": "eq", "trust": 1.0, "vendor": "mandrakesoft", "version": "8.2" }, { "model": "mandrake linux corporate server", "scope": "eq", "trust": 1.0, "vendor": "mandrakesoft", "version": "2.1" }, { "model": "mandrake multi network firewall", "scope": "eq", "trust": 1.0, "vendor": "mandrakesoft", "version": "8.2" }, { "model": "mandrake linux", "scope": "eq", "trust": 1.0, "vendor": "mandrakesoft", "version": "9.0" }, { "model": "cobalt raq550", "scope": null, "trust": 0.8, "vendor": "sun microsystems", "version": null }, { "model": "turbolinux server", "scope": "eq", "trust": 0.8, "vendor": "turbo linux", "version": "7" }, { "model": "turbolinux server", "scope": "eq", "trust": 0.8, "vendor": "turbo linux", "version": "8" }, { "model": "linux", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "7.1" }, { "model": "linux", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "7.2" }, { "model": "linux", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "7.3" }, { "model": "linux", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "8.0" }, { "model": "linux", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "9" }, { "model": "linux advanced work station", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "2.1" }, { "model": "kernel-utils-2.4-8.29.i386.rpm", "scope": null, "trust": 0.3, "vendor": "redhat", "version": null }, { "model": "kernel-utils-2.4-8.13.i386.rpm", "scope": null, "trust": 0.3, "vendor": "redhat", "version": null }, { "model": "kernel-utils-2.4-7.4.i386.rpm", "scope": null, "trust": 0.3, "vendor": "redhat", "version": null }, { "model": "kernel-uml-2.4.18-14.i686.rpm", "scope": null, "trust": 0.3, "vendor": "redhat", "version": null }, { "model": "kernel-source-2.4.7-10.i386.rpm", "scope": null, "trust": 0.3, "vendor": "redhat", "version": null }, { "model": "kernel-source-2.4.20-8.i386.rpm", "scope": null, "trust": 0.3, "vendor": "redhat", "version": null }, { "model": "kernel-source-2.4.2-2.i386.rpm", "scope": null, "trust": 0.3, "vendor": "redhat", "version": null }, { "model": "kernel-source-2.4.18-3.i386.rpm", "scope": null, "trust": 0.3, "vendor": "redhat", "version": null }, { "model": "kernel-source-2.4.18-14.i386.rpm", "scope": null, "trust": 0.3, "vendor": "redhat", "version": null }, { "model": "kernel-smp-2.4.7-10.i686.rpm", "scope": null, "trust": 0.3, "vendor": "redhat", "version": null }, { "model": "kernel-smp-2.4.7-10.i586.rpm", "scope": null, "trust": 0.3, "vendor": "redhat", "version": null }, { "model": "kernel-smp-2.4.7-10.athlon.rpm", "scope": null, "trust": 0.3, "vendor": "redhat", "version": null }, { "model": "kernel-smp-2.4.20-8.i686.rpm", "scope": null, "trust": 0.3, "vendor": "redhat", "version": null }, { "model": "kernel-smp-2.4.20-8.athlon.rpm", "scope": null, "trust": 0.3, "vendor": "redhat", "version": null }, { "model": "kernel-smp-2.4.2-2.i686.rpm", "scope": null, "trust": 0.3, "vendor": "redhat", "version": null }, { "model": "kernel-smp-2.4.2-2.i586.rpm", "scope": null, "trust": 0.3, "vendor": "redhat", "version": null }, { "model": "kernel-smp-2.4.18-3.i686.rpm", "scope": null, "trust": 0.3, "vendor": "redhat", "version": null }, { "model": "kernel-smp-2.4.18-3.i586.rpm", "scope": null, "trust": 0.3, "vendor": "redhat", "version": null }, { "model": "kernel-smp-2.4.18-3.athlon.rpm", "scope": null, "trust": 0.3, "vendor": "redhat", "version": null }, { "model": "kernel-smp-2.4.18-14.i686.rpm", "scope": null, "trust": 0.3, "vendor": "redhat", "version": null }, { "model": "kernel-smp-2.4.18-14.athlon.rpm", "scope": null, "trust": 0.3, "vendor": "redhat", "version": null }, { "model": "kernel-headers-2.4.7-10.i386.rpm", "scope": null, "trust": 0.3, "vendor": "redhat", "version": null }, { "model": "kernel-headers-2.4.2-2.i386.rpm", "scope": null, "trust": 0.3, "vendor": "redhat", "version": null }, { "model": "kernel-enterprise-2.4.2-2.i686.rpm", "scope": null, "trust": 0.3, "vendor": "redhat", "version": null }, { "model": "kernel-doc-2.4.7-10.i386.rpm", "scope": null, "trust": 0.3, "vendor": "redhat", "version": null }, { "model": "kernel-doc-2.4.20-8.i386.rpm", "scope": null, "trust": 0.3, "vendor": "redhat", "version": null }, { "model": "kernel-doc-2.4.2-2.i386.rpm", "scope": null, "trust": 0.3, "vendor": "redhat", "version": null }, { "model": "kernel-doc-2.4.18-3.i386.rpm", "scope": null, "trust": 0.3, "vendor": "redhat", "version": null }, { "model": "kernel-doc-2.4.18-14.i386.rpm", "scope": null, "trust": 0.3, "vendor": "redhat", "version": null }, { "model": "kernel-debug-2.4.18-3.i686.rpm", "scope": null, "trust": 0.3, "vendor": "redhat", "version": null }, { "model": "kernel-debug-2.4.18-14.i686.rpm", "scope": null, "trust": 0.3, "vendor": "redhat", "version": null }, { "model": "kernel-boot-2.4.7-10.i386.rpm", "scope": null, "trust": 0.3, "vendor": "redhat", "version": null }, { "model": "kernel-boot-2.4.20-8.i386.rpm", "scope": null, "trust": 0.3, "vendor": "redhat", "version": null }, { "model": "kernel-boot-2.4.2-2.i386.rpm", "scope": null, "trust": 0.3, "vendor": "redhat", "version": null }, { "model": "kernel-boot-2.4.18-3.i386.rpm", "scope": null, "trust": 0.3, "vendor": "redhat", "version": null }, { "model": "kernel-boot-2.4.18-14.i386.rpm", "scope": null, "trust": 0.3, "vendor": "redhat", "version": null }, { "model": "kernel-bigmem-2.4.20-8.i686.rpm", "scope": null, "trust": 0.3, "vendor": "redhat", "version": null }, { "model": "kernel-bigmem-2.4.18-3.i686.rpm", "scope": null, "trust": 0.3, "vendor": "redhat", "version": null }, { "model": "kernel-bigmem-2.4.18-14.i686.rpm", "scope": null, "trust": 0.3, "vendor": "redhat", "version": null }, { "model": "kernel-2.4.7-10.i686.rpm", "scope": null, "trust": 0.3, "vendor": "redhat", "version": null }, { "model": "kernel-2.4.7-10.i386.rpm", "scope": null, "trust": 0.3, "vendor": "redhat", "version": null }, { "model": "kernel-2.4.7-10.athlon.rpm", "scope": null, "trust": 0.3, "vendor": "redhat", "version": null }, { "model": "kernel-2.4.20-8.i686.rpm", "scope": null, "trust": 0.3, "vendor": "redhat", "version": null }, { "model": "kernel-2.4.20-8.i586.rpm", "scope": null, "trust": 0.3, "vendor": "redhat", "version": null }, { "model": "kernel-2.4.20-8.athlon.rpm", "scope": null, "trust": 0.3, "vendor": "redhat", "version": null }, { "model": "kernel-2.4.2-2.i686.rpm", "scope": null, "trust": 0.3, "vendor": "redhat", "version": null }, { "model": "kernel-2.4.2-2.i586.rpm", "scope": null, "trust": 0.3, "vendor": "redhat", "version": null }, { "model": "kernel-2.4.2-2.i386.rpm", "scope": null, "trust": 0.3, "vendor": "redhat", "version": null }, { "model": "kernel-2.4.18-3.i686.rpm", "scope": null, "trust": 0.3, "vendor": "redhat", "version": null }, { "model": "kernel-2.4.18-3.i386.rpm", "scope": null, "trust": 0.3, "vendor": "redhat", "version": null }, { "model": "kernel-2.4.18-3.athlon.rpm", "scope": null, "trust": 0.3, "vendor": "redhat", "version": null }, { "model": "kernel-2.4.18-14.i686.rpm", "scope": null, "trust": 0.3, "vendor": "redhat", "version": null }, { "model": "kernel-2.4.18-14.i586.rpm", "scope": null, "trust": 0.3, "vendor": "redhat", "version": null }, { "model": "kernel-2.4.18-14.athlon.rpm", "scope": null, "trust": 0.3, "vendor": "redhat", "version": null }, { "model": "enterprise linux ws ia64", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "2.1" }, { "model": "enterprise linux ws", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "2.1" }, { "model": "enterprise linux es ia64", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "2.1" }, { "model": "enterprise linux es", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "2.1" }, { "model": "hat enterprise linux as ia64", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "2.1" }, { "model": "hat enterprise linux as", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "2.1" }, { "model": "linux mandrake", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "9.0" }, { "model": "linux mandrake ppc", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "8.2" }, { "model": "linux mandrake", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "8.2" }, { "model": "multi network firewall", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": "2.0" }, { "model": "corporate server", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": "2.1" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.4" } ], "sources": [ { "db": "BID", "id": "8042" }, { "db": "JVNDB", "id": "JVNDB-2003-000197" }, { "db": "NVD", "id": "CVE-2003-0462" }, { "db": "CNNVD", "id": "CNNVD-200308-176" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:mandrakesoft:mandrake_multi_network_firewall:8.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.4.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.4.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.4.13:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.4.14:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.4.20:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.4.21:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.4.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:mandrakesoft:mandrake_linux:8.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:mandrakesoft:mandrake_linux:8.2:*:ppc:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.4.11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.4.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.4.19:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.4.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.4.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.4.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.4.17:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.4.18:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.4.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.4.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.4.15:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.4.16:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.4.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.4.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:mandrakesoft:mandrake_linux:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2003-0462" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Paul Starzetz\u203b paul@starzetz.de", "sources": [ { "db": "CNNVD", "id": "CNNVD-200308-176" } ], "trust": 0.6 }, "cve": "CVE-2003-0462", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "HIGH", "accessVector": "LOCAL", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 1.2, "confidentialityImpact": "NONE", "exploitabilityScore": 1.9, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "LOW", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:L/AC:H/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "High", "accessVector": "Local", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 1.2, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2003-0462", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Low", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:L/AC:H/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "accessComplexity": "HIGH", "accessVector": "LOCAL", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 1.2, "confidentialityImpact": "NONE", "exploitabilityScore": 1.9, "id": "VHN-7290", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "LOW", "trust": 0.1, "vectorString": "AV:L/AC:H/AU:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2003-0462", "trust": 1.8, "value": "LOW" }, { "author": "CNNVD", "id": "CNNVD-200308-176", "trust": 0.6, "value": "LOW" }, { "author": "VULHUB", "id": "VHN-7290", "trust": 0.1, "value": "LOW" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-7290" }, { "db": "JVNDB", "id": "JVNDB-2003-000197" }, { "db": "NVD", "id": "CVE-2003-0462" }, { "db": "CNNVD", "id": "CNNVD-200308-176" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A race condition in the way env_start and env_end pointers are initialized in the execve system call and used in fs/proc/base.c on Linux 2.4 allows local users to cause a denial of service (crash). ------------ This vulnerability information is a summary of multiple vulnerabilities released at the same time. Please note that the contents of vulnerability information other than the title are included. Therefore, it cannot be read originally setuid It is possible to create an executable file with a bit assigned as a new executable file by changing the owner. As a result, local attackers who exploit this issue cannot read it setuid It is possible to read an executable file with a bit attached. At this time, it has been reported that this issue could potentially be used to execute arbitrary code with elevated privileges.Please refer to the \u201cOverview\u201d for the impact of this vulnerability. The problem lies in the atomicity of placing a target executables file descriptor within the current process descriptor and executing the file. Linux is an open source operating system. The execve() function has the following code (fs/binfmt_elf.c): static int load_elf_binary(struct linux_binprm * bprm, struct pt_regs * regs) { struct file *interpreter = NULL; /* to shut gcc up */ [...] retval = kernel_read(bprm-\u003efile, elf_ex.e_phoff, (char *) elf_phdata, size); if (retval \u003c 0) goto out_free_ph; retval = get_unused_fd(); if (retval \u003c 0) goto out_free_ph; get_file(bprm- \u003efile); fd_install(elf_exec_fileno = retval, bprm-\u003efile); When executing a new binary program, put the open executable file descriptor into the file table of the current process (current execve() caller), and execute . This allows an attacker to read the contents of the suid program (even if the attacker does not have permission to read)", "sources": [ { "db": "NVD", "id": "CVE-2003-0462" }, { "db": "JVNDB", "id": "JVNDB-2003-000197" }, { "db": "BID", "id": "8042" }, { "db": "VULHUB", "id": "VHN-7290" } ], "trust": 1.98 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://www.scap.org.cn/vuln/vhn-7290", "trust": 0.1, "type": "unknown" } ], "sources": [ { "db": "VULHUB", "id": "VHN-7290" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2003-0462", "trust": 2.8 }, { "db": "BID", "id": "8042", "trust": 1.2 }, { "db": "JVNDB", "id": "JVNDB-2003-000197", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-200308-176", "trust": 0.7 }, { "db": "DEBIAN", "id": "DSA-423", "trust": 0.6 }, { "db": "DEBIAN", "id": "DSA-358", "trust": 0.6 }, { "db": "REDHAT", "id": "RHSA-2003:239", "trust": 0.6 }, { "db": "REDHAT", "id": "RHSA-2003:238", "trust": 0.6 }, { "db": "REDHAT", "id": "RHSA-2003:198", "trust": 0.6 }, { "db": "OVAL", "id": "OVAL:ORG.MITRE.OVAL:DEF:309", "trust": 0.6 }, { "db": "SEEBUG", "id": "SSVID-76634", "trust": 0.1 }, { "db": "EXPLOIT-DB", "id": "22840", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-7290", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-7290" }, { "db": "BID", "id": "8042" }, { "db": "JVNDB", "id": "JVNDB-2003-000197" }, { "db": "NVD", "id": "CVE-2003-0462" }, { "db": "CNNVD", "id": "CNNVD-200308-176" } ] }, "id": "VAR-200308-0094", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-7290" } ], "trust": 0.01 }, "last_update_date": "2023-12-18T10:43:51.978000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "RHSA-2003:238", "trust": 0.8, "url": "https://rhn.redhat.com/errata/rhsa-2003-238.html" }, { "title": "550 Kernel C10 Update 0.0.1", "trust": 0.8, "url": "http://sunsolve.sun.com/pub-cgi/show.pl?target=cobalt/raq550.eng\u0026amp;nav=patchpage" }, { "title": "TLSA-2003-58", "trust": 0.8, "url": "http://www.turbolinux.com/security/2003/tlsa-2003-58.txt" }, { "title": "RHSA-2003:238", "trust": 0.8, "url": "http://www.jp.redhat.com/support/errata/rhsa/rhsa-2003-238j.html" }, { "title": "TLSA-2003-58", "trust": 0.8, "url": "http://www.turbolinux.co.jp/security/2003/tlsa-2003-58j.txt" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2003-000197" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-Other", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2003-0462" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "http://www.debian.org/security/2004/dsa-358" }, { "trust": 1.7, "url": "http://www.debian.org/security/2004/dsa-423" }, { "trust": 1.7, "url": "http://www.redhat.com/support/errata/rhsa-2003-198.html" }, { "trust": 1.7, "url": "http://www.redhat.com/support/errata/rhsa-2003-238.html" }, { "trust": 1.7, "url": "http://www.redhat.com/support/errata/rhsa-2003-239.html" }, { "trust": 1.1, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a309" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2003-0462" }, { "trust": 0.8, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2003-0462" }, { "trust": 0.8, "url": "http://www.securityfocus.com/bid/8042" }, { "trust": 0.6, "url": "http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:309" }, { "trust": 0.3, "url": "http://archives.neohapsis.com/archives/vendor/2003-q3/0052.html" }, { "trust": 0.3, "url": "http://distro.conectiva.com.br/atualizacoes/index.php?id=a\u0026anuncio=000712" }, { "trust": 0.3, "url": "http://rhn.redhat.com/errata/rhba-2003-263.html" }, { "trust": 0.3, "url": "http://rhn.redhat.com/errata/rhsa-2003-198.html" }, { "trust": 0.3, "url": "http://rhn.redhat.com/errata/rhsa-2003-239.html" }, { "trust": 0.3, "url": "/archive/1/326872" } ], "sources": [ { "db": "VULHUB", "id": "VHN-7290" }, { "db": "BID", "id": "8042" }, { "db": "JVNDB", "id": "JVNDB-2003-000197" }, { "db": "NVD", "id": "CVE-2003-0462" }, { "db": "CNNVD", "id": "CNNVD-200308-176" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-7290" }, { "db": "BID", "id": "8042" }, { "db": "JVNDB", "id": "JVNDB-2003-000197" }, { "db": "NVD", "id": "CVE-2003-0462" }, { "db": "CNNVD", "id": "CNNVD-200308-176" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2003-08-27T00:00:00", "db": "VULHUB", "id": "VHN-7290" }, { "date": "2003-06-26T00:00:00", "db": "BID", "id": "8042" }, { "date": "2007-04-01T00:00:00", "db": "JVNDB", "id": "JVNDB-2003-000197" }, { "date": "2003-08-27T04:00:00", "db": "NVD", "id": "CVE-2003-0462" }, { "date": "2003-06-06T00:00:00", "db": "CNNVD", "id": "CNNVD-200308-176" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-10-11T00:00:00", "db": "VULHUB", "id": "VHN-7290" }, { "date": "2009-07-11T22:56:00", "db": "BID", "id": "8042" }, { "date": "2007-04-01T00:00:00", "db": "JVNDB", "id": "JVNDB-2003-000197" }, { "date": "2017-10-11T01:29:10.433000", "db": "NVD", "id": "CVE-2003-0462" }, { "date": "2005-10-20T00:00:00", "db": "CNNVD", "id": "CNNVD-200308-176" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "BID", "id": "8042" }, { "db": "CNNVD", "id": "CNNVD-200308-176" } ], "trust": 0.9 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Linux Kernel of execve Vulnerability that causes a race condition in system calls", "sources": [ { "db": "JVNDB", "id": "JVNDB-2003-000197" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "competitive condition", "sources": [ { "db": "CNNVD", "id": "CNNVD-200308-176" } ], "trust": 0.6 } }
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.