gsd-2003-0476
Vulnerability from gsd
Modified
2023-12-13 01:22
Details
The execve system call in Linux 2.4.x records the file descriptor of the executable process in the file table of the calling process, which allows local users to gain read access to restricted file descriptors.
Aliases
Aliases
{ "GSD": { "alias": "CVE-2003-0476", "description": "The execve system call in Linux 2.4.x records the file descriptor of the executable process in the file table of the calling process, which allows local users to gain read access to restricted file descriptors.", "id": "GSD-2003-0476", "references": [ "https://www.debian.org/security/2004/dsa-423", "https://www.debian.org/security/2003/dsa-358", "https://access.redhat.com/errata/RHSA-2003:408", "https://access.redhat.com/errata/RHSA-2003:368", "https://access.redhat.com/errata/RHSA-2003:238" ] }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2003-0476" ], "details": "The execve system call in Linux 2.4.x records the file descriptor of the executable process in the file table of the calling process, which allows local users to gain read access to restricted file descriptors.", "id": "GSD-2003-0476", "modified": "2023-12-13T01:22:13.492760Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2003-0476", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The execve system call in Linux 2.4.x records the file descriptor of the executable process in the file table of the calling process, which allows local users to gain read access to restricted file descriptors." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "oval:org.mitre.oval:def:327", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A327" }, { "name": "20030626 Linux 2.4.x execve() file read race vulnerability", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=105664924024009\u0026w=2" }, { "name": "RHSA-2003:238", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2003-238.html" }, { "name": "DSA-423", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2004/dsa-423" }, { "name": "MDKSA-2003:074", "refsource": "MANDRAKE", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:074" }, { "name": "RHSA-2003:408", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2003-408.html" }, { "name": "DSA-358", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2004/dsa-358" }, { "name": "RHSA-2003:368", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2003-368.html" } ] } }, "nvd.nist.gov": { "configurations": { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:2.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] }, "cve": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2003-0476" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "en", "value": "The execve system call in Linux 2.4.x records the file descriptor of the executable process in the file table of the calling process, which allows local users to gain read access to restricted file descriptors." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ] } ] }, "references": { "reference_data": [ { "name": "RHSA-2003:368", "refsource": "REDHAT", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2003-368.html" }, { "name": "DSA-423", "refsource": "DEBIAN", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.debian.org/security/2004/dsa-423" }, { "name": "RHSA-2003:238", "refsource": "REDHAT", "tags": [], "url": "http://www.redhat.com/support/errata/RHSA-2003-238.html" }, { "name": "RHSA-2003:408", "refsource": "REDHAT", "tags": [], "url": "http://www.redhat.com/support/errata/RHSA-2003-408.html" }, { "name": "DSA-358", "refsource": "DEBIAN", "tags": [], "url": "http://www.debian.org/security/2004/dsa-358" }, { "name": "MDKSA-2003:074", "refsource": "MANDRAKE", "tags": [], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:074" }, { "name": "20030626 Linux 2.4.x execve() file read race vulnerability", "refsource": "BUGTRAQ", "tags": [], "url": "http://marc.info/?l=bugtraq\u0026m=105664924024009\u0026w=2" }, { "name": "oval:org.mitre.oval:def:327", "refsource": "OVAL", "tags": [], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A327" } ] } }, "impact": { "baseMetricV2": { "cvssV2": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "LOW", "userInteractionRequired": false } }, "lastModifiedDate": "2018-05-03T01:29Z", "publishedDate": "2003-08-07T04:00Z" } } }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.