ID

VAR-200308-0037


CVE

CVE-2003-0489


TITLE

tcptraceroute incomplete root privilege drop vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200308-030

DESCRIPTION

tcptraceroute 1.4 and earlier does not fully drop privileges after obtaining a file descriptor for capturing packets, which may allow local users to gain access to the descriptor via a separate vulnerability in tcptraceroute. This condition is not currently known to be exploitable; however, it could potentially allow for local privilege escalation. tcptraceroute is a traceroute implementation using TCP packets. A local attacker can exploit this vulnerability to potentially execute arbitrary commands on the system with root process privileges. No detailed vulnerability information is currently available.

Trust: 1.26

sources: NVD: CVE-2003-0489 // BID: 8020 // VULHUB: VHN-7317

AFFECTED PRODUCTS

vendor: michael c toren, model: tcptraceroute, scope: lte, version: 1.4

Trust: 1.0

vendor: michael c toren, model: tcptraceroute, scope: eq, version: 1.4

Trust: 0.6

vendor: tcptraceroute, model: tcptraceroute, scope: eq, version: 1.2

Trust: 0.3

sources: BID: 8020 // CNNVD: CNNVD-200308-030 // NVD: CVE-2003-0489

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2003-0489
value: HIGH

Trust: 1.0

CNNVD: CNNVD-200308-030
value: HIGH

Trust: 0.6

VULHUB: VHN-7317
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2003-0489
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-7317
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-7317 // CNNVD: CNNVD-200308-030 // NVD: CVE-2003-0489

PROBLEMTYPE DATA

problemtype: NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2003-0489

THREAT TYPE

local

Trust: 0.9

sources: BID: 8020 // CNNVD: CNNVD-200308-030

TYPE

Design Error

Trust: 0.9

sources: BID: 8020 // CNNVD: CNNVD-200308-030

EXTERNAL IDS

db: NVD, id: CVE-2003-0489

Trust: 2.0

db: CNNVD, id: CNNVD-200308-030

Trust: 0.7

db: DEBIAN, id: DSA-330

Trust: 0.6

db: BID, id: 8020

Trust: 0.4

db: VULHUB, id: VHN-7317

Trust: 0.1

sources: VULHUB: VHN-7317 // BID: 8020 // CNNVD: CNNVD-200308-030 // NVD: CVE-2003-0489

REFERENCES

url: http://www.debian.org/security/2003/dsa-330

Trust: 1.7

url: http://michael.toren.net/code/tcptraceroute/

Trust: 0.3

sources: VULHUB: VHN-7317 // BID: 8020 // CNNVD: CNNVD-200308-030 // NVD: CVE-2003-0489

CREDITS

Debian Security Advisory

Trust: 0.6

sources: CNNVD: CNNVD-200308-030

SOURCES

db: VULHUB, id: VHN-7317
db: BID, id: 8020
db: CNNVD, id: CNNVD-200308-030
db: NVD, id: CVE-2003-0489

LAST UPDATE DATE

2024-08-14T13:51:22.826000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-7317, date: 2008-09-05T00:00:00
db: BID, id: 8020, date: 2009-07-11T22:56:00
db: CNNVD, id: CNNVD-200308-030, date: 2007-07-12T00:00:00
db: NVD, id: CVE-2003-0489, date: 2008-09-05T20:34:26.707

SOURCES RELEASE DATE

db: VULHUB, id: VHN-7317, date: 2003-08-07T00:00:00
db: BID, id: 8020, date: 2003-06-24T00:00:00
db: CNNVD, id: CNNVD-200308-030, date: 2003-06-28T00:00:00
db: NVD, id: CVE-2003-0489, date: 2003-08-07T04:00:00