ID CVE-2003-0476
Summary The execve system call in Linux 2.4.x records the file descriptor of the executable process in the file table of the calling process, which allows local users to gain read access to restricted file descriptors.
References
Vulnerable Configurations
  • Linux Kernel 2.4.0
    cpe:2.3:o:linux:linux_kernel:2.4.0
CVSS
Base: 2.1 (as of 01-01-2004 - 00:00)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
nessus via4
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2003-408.NASL
    description Updated kernel packages that address various security vulnerabilities, fix a number of bugs, and update various drivers are now available. The Linux kernel handles the basic functions of the operating system. The execve system call in Linux 2.4.x records the file descriptor of the executable process in the file table of the calling process, which allows local users to gain read access to restricted file descriptors. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2003-0476 to this issue. A number of bugfixes are included, including important fixes for the ext3 file system and timer code. New features include limited support for non-cached NFS file sytems, Serial ATA (SATA) devices, and new alt-sysreq debugging options. In addition, the following drivers have been updated : - e100 2.3.30-k1 - e1000 5.2.20-k1 - fusion 2.05.05+ - ips 6.10.52 - aic7xxx 6.2.36 - aic79xxx 1.3.10 - megaraid 2 2.00.9 - cciss 2.4.49 All users are advised to upgrade to these erratum packages, which contain backported patches addressing these issues.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 12442
    published 2004-07-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=12442
    title RHEL 2.1 : kernel (RHSA-2003:408)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-358.NASL
    description A number of vulnerabilities have been discovered in the Linux kernel. - CAN-2003-0461: /proc/tty/driver/serial in Linux 2.4.x reveals the exact number of characters used in serial links, which could allow local users to obtain potentially sensitive information such as the length of passwords. This bug has been fixed by restricting access to /proc/tty/driver/serial. - CAN-2003-0462: A race condition in the way env_start and env_end pointers are initialized in the execve system call and used in fs/proc/base.c on Linux 2.4 allows local users to cause a denial of service (crash). - CAN-2003-0476: The execve system call in Linux 2.4.x records the file descriptor of the executable process in the file table of the calling process, which allows local users to gain read access to restricted file descriptors. - CAN-2003-0501: The /proc filesystem in Linux allows local users to obtain sensitive information by opening various entries in /proc/self before executing a setuid program, which causes the program to fail to change the ownership and permissions of those entries. - CAN-2003-0550: The STP protocol, as enabled in Linux 2.4.x, does not provide sufficient security by design, which allows attackers to modify the bridge topology. This bug has been fixed by disabling STP by default. - CAN-2003-0551: The STP protocol, as enabled in Linux 2.4.x, does not provide sufficient security by design, which allows attackers to modify the bridge topology. - CAN-2003-0552: Linux 2.4.x allows remote attackers to spoof the bridge forwarding table via forged packets whose source addresses are the same as the target. - CAN-2003-0018: Linux kernel 2.4.10 through 2.4.21-pre4 does not properly handle the O_DIRECT feature, which allows local attackers with write privileges to read portions of previously deleted files, or cause file system corruption. This bug has been fixed by disabling O_DIRECT. - CAN-2003-0619: Integer signedness error in the decode_fh function of nfs3xdr.c in Linux kernel before 2.4.21 allows remote attackers to cause a denial of service (kernel panic) via a negative size value within XDR data of an NFSv3 procedure call. This advisory covers only the i386 and alpha architectures. Other architectures will be covered by separate advisories.
    last seen 2019-02-21
    modified 2018-07-20
    plugin id 15195
    published 2004-09-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=15195
    title Debian DSA-358-4 : linux-kernel-2.4.18 - several vulnerabilities
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-423.NASL
    description The IA-64 maintainers fixed several security related bugs in the Linux kernel 2.4.17 used for the IA-64 architecture, mostly by backporting fixes from 2.4.18. The corrections are listed below with the identification from the Common Vulnerabilities and Exposures (CVE) project : - CAN-2003-0001 : Multiple ethernet network interface card (NIC) device drivers do not pad frames with null bytes, which allows remote attackers to obtain information from previous packets or kernel memory by using malformed packets, as demonstrated by Etherleak. - CAN-2003-0018 : Linux kernel 2.4.10 through 2.4.21-pre4 does not properly handle the O_DIRECT feature, which allows local attackers with write privileges to read portions of previously deleted files, or cause file system corruption. - CAN-2003-0127 : The kernel module loader in Linux kernel 2.2.x before 2.2.25, and 2.4.x before 2.4.21, allows local users to gain root privileges by using ptrace to attach to a child process which is spawned by the kernel. - CAN-2003-0461 : The virtual file /proc/tty/driver/serial in Linux 2.4.x reveals the exact number of characters used in serial links, which could allow local users to obtain potentially sensitive information such as the length of passwords. - CAN-2003-0462 : A race condition in the way env_start and env_end pointers are initialized in the execve system call and used in fs/proc/base.c on Linux 2.4 allows local users to cause a denial of service (crash). - CAN-2003-0476 : The execve system call in Linux 2.4.x records the file descriptor of the executable process in the file table of the calling process, which allows local users to gain read access to restricted file descriptors. - CAN-2003-0501 : The /proc filesystem in Linux allows local users to obtain sensitive information by opening various entries in /proc/self before executing a setuid program, which causes the program to fail to change the ownership and permissions of those entries. - CAN-2003-0550 : The STP protocol, as enabled in Linux 2.4.x, does not provide sufficient security by design, which allows attackers to modify the bridge topology. - CAN-2003-0551 : The STP protocol implementation in Linux 2.4.x does not properly verify certain lengths, which could allow attackers to cause a denial of service. - CAN-2003-0552 : Linux 2.4.x allows remote attackers to spoof the bridge Forwarding table via forged packets whose source addresses are the same as the target. - CAN-2003-0961 : An integer overflow in brk system call (do_brk function) for Linux kernel 2.4.22 and earlier allows local users to gain root privileges. - CAN-2003-0985 : The mremap system call (do_mremap) in Linux kernel 2.4 and 2.6 does not properly perform boundary checks, which allows local users to cause a denial of service and possibly gain privileges by causing a remapping of a virtual memory area (VMA) to create a zero length VMA.
    last seen 2019-02-21
    modified 2018-07-20
    plugin id 15260
    published 2004-09-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=15260
    title Debian DSA-423-1 : linux-kernel-2.4.17-ia64 - several vulnerabilities
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2003-074.NASL
    description Multiple vulnerabilities were discovered and fixed in the Linux kernel. - CVE-2003-0001: Multiple ethernet network card drivers do not pad frames with null bytes which allows remote attackers to obtain information from previous packets or kernel memory by using special malformed packets. - CVE-2003-0244: The route cache implementation in the 2.4 kernel and the Netfilter IP conntrack module allows remote attackers to cause a Denial of Service (DoS) via CPU consumption due to packets with forged source addresses that cause a large number of hash table collisions related to the PREROUTING chain. - CVE-2003-0246: The ioperm implementation in 2.4.20 and earlier kernels does not properly restrict privileges, which allows local users to gain read or write access to certain I/O ports. - CVE-2003-0247: A vulnerability in the TTY layer of the 2.4 kernel allows attackers to cause a kernel oops resulting in a DoS. - CVE-2003-0248: The mxcsr code in the 2.4 kernel allows attackers to modify CPU state registers via a malformed address. - CVE-2003-0462: A file read race existed in the execve() system call. Kernels for 9.1/x86 are also available (see MDKSA-2003:066). MandrakeSoft encourages all users to upgrade to these new kernels. For full instructions on how to properly upgrade your kernel, please review http://www.mandrakesecure.net/en/docs/magic.php.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 14057
    published 2004-07-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=14057
    title Mandrake Linux Security Advisory : kernel (MDKSA-2003:074)
oval via4
accepted 2014-06-09T04:01:43.654-04:00
class vulnerability
contributors
  • name Jay Beale
    organization Bastille Linux
  • name Jay Beale
    organization Bastille Linux
  • name Thomas R. Jones
    organization Maitreya Security
  • name Jerome Athias
    organization McAfee, Inc.
description The execve system call in Linux 2.4.x records the file descriptor of the executable process in the file table of the calling process, which allows local users to gain read access to restricted file descriptors.
family unix
id oval:org.mitre.oval:def:327
status accepted
submitted 2003-09-26T12:00:00.000-04:00
title Linux Kernel execve Read Access to Restricted File Descriptors
version 36
redhat via4
advisories
  • rhsa
    id RHSA-2003:238
  • rhsa
    id RHSA-2003:368
  • rhsa
    id RHSA-2003:408
refmap via4
bugtraq 20030626 Linux 2.4.x execve() file read race vulnerability
debian
  • DSA-358
  • DSA-423
mandrake MDKSA-2003:074
suse SuSE-SA:2003:034
Last major update 17-10-2016 - 22:34
Published 07-08-2003 - 00:00
Last modified 02-05-2018 - 21:29
Back to Top