CVE-2003-0476

The execve system call in Linux 2.4.x records the file descriptor of the executable process in the file table of the calling process, which allows local users to gain read access to restricted file descriptors.

CVSS v2.0 2.1 LOW

2.1^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://marc.info/?l=bugtraq&m=105664924024009&w=2
http://www.debian.org/security/2004/dsa-358
http://www.debian.org/security/2004/dsa-423	Patch Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2003:074
http://www.redhat.com/support/errata/RHSA-2003-238.html
http://www.redhat.com/support/errata/RHSA-2003-368.html	Patch Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2003-408.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A327

Configurations

Configuration 1 (hide)

cpe:2.3:o:linux:linux_kernel:2.4.0:*:*:*:*:*:*:*

History

No history.

Information

Published : 2003-08-07 04:00

Updated : 2023-12-10 10:17

NVD link : CVE-2003-0476

Mitre link : CVE-2003-0476

CVE.ORG link : CVE-2003-0476

JSON object : View

Products Affected

linux

linux_kernel

CWE

NVD-CWE-Other

{"id": "CVE-2003-0476", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2003-08-07T04:00:00.000", "references": [{"url": "http://marc.info/?l=bugtraq&m=105664924024009&w=2", "source": "cve@mitre.org"}, {"url": "http://www.debian.org/security/2004/dsa-358", "source": "cve@mitre.org"}, {"url": "http://www.debian.org/security/2004/dsa-423", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:074", "source": "cve@mitre.org"}, {"url": "http://www.redhat.com/support/errata/RHSA-2003-238.html", "source": "cve@mitre.org"}, {"url": "http://www.redhat.com/support/errata/RHSA-2003-368.html", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.redhat.com/support/errata/RHSA-2003-408.html", "source": "cve@mitre.org"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A327", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "The execve system call in Linux 2.4.x records the file descriptor of the executable process in the file table of the calling process, which allows local users to gain read access to restricted file descriptors."}, {"lang": "es", "value": "La llamada del sistema execve en Linux 2.4.x registra el descriptor de fichero del proceso ejecutable en la tabla de ficheros del proceso llamante, lo que permite a usuarios locales ganar acceso de lectrura a descriptores de fichero restringidos."}], "lastModified": "2018-05-03T01:29:20.630", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:2.4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C24A129D-2E5E-436C-95DE-AE75D2E8D092"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}