ID CVE-2003-0476
Summary The execve system call in Linux 2.4.x records the file descriptor of the executable process in the file table of the calling process, which allows local users to gain read access to restricted file descriptors.
References
Vulnerable Configurations
  • cpe:2.3:o:linux:linux_kernel:2.4.0:*:*:*:*:*:*:*
CVSS
Base: 2.1 (as of 03-05-2018 - 01:29)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
  • Vector LOCAL
  • Complexity LOW
  • Authentication NONE
Impact
  • Confidentiality PARTIAL
  • Integrity NONE
  • Availability NONE
cvss-vector via4 AV:L/AC:L/Au:N/C:P/I:N/A:N
oval via4
accepted 2014-06-09T04:01:43.654-04:00
class vulnerability
contributors
  • name Jay Beale
    organization Bastille Linux
  • name Jay Beale
    organization Bastille Linux
  • name Thomas R. Jones
    organization Maitreya Security
  • name Jerome Athias
    organization McAfee, Inc.
description The execve system call in Linux 2.4.x records the file descriptor of the executable process in the file table of the calling process, which allows local users to gain read access to restricted file descriptors.
family unix
id oval:org.mitre.oval:def:327
status accepted
submitted 2003-09-26T12:00:00.000-04:00
title Linux Kernel execve Read Access to Restricted File Descriptors
version 36
redhat via4
advisories
  • rhsa
    id RHSA-2003:238
  • rhsa
    id RHSA-2003:368
  • rhsa
    id RHSA-2003:408
refmap via4
bugtraq 20030626 Linux 2.4.x execve() file read race vulnerability
debian
  • DSA-358
  • DSA-423
mandrake MDKSA-2003:074
suse SuSE-SA:2003:034
Last major update 03-05-2018 - 01:29
Published 07-08-2003 - 04:00