CVE-2003-0390 - Multiple buffer overflows in Options Parsing Tool (OPT) shared library 3.18 and earlier, when used i

CVE-2003-0390

Summary

Multiple buffer overflows in Options Parsing Tool (OPT) shared library 3.18 and earlier, when used in setuid programs, may allow local users to execute arbitrary code via long command line options that are fed into macros such as opt_warn_2, as used in functions such as opt_atoi.

References

http://marc.info/?l=bugtraq&m=105121918523320&w=2
http://marc.info/?l=bugtraq&m=105371246204866&w=2
http://nis-www.lanl.gov/~jt/Software/opt/opt-3.19.tar.gz

Vulnerable Configurations

cpe:2.3:a:james_theiler:opt:*:*:*:*:*:*:*:*
cpe:2.3:a:james_theiler:opt:*:*:*:*:*:*:*:*

CVSS

Base:	4.6 (as of 18-10-2016 - 02:33)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:L/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bugtraq	20030424 SRT2003-04-24-1532 - Options Parsing Tool library buffer overflows. 20030523 Re: Options Parsing Tool library buffer overflows.
confirm	http://nis-www.lanl.gov/~jt/Software/opt/opt-3.19.tar.gz

Last major update

18-10-2016 - 02:33

Published

02-07-2003 - 04:00

Last modified

18-10-2016 - 02:33