ID

VAR-200308-0094


CVE

CVE-2003-0462


TITLE

Race condition vulnerability in the execve system call of the Linux kernel

Trust: 0.8

sources: JVNDB: JVNDB-2003-000197

DESCRIPTION

A race condition in the way env_start and env_end pointers are initialized in the execve system call and used in fs/proc/base.c on Linux 2.4 allows local users to cause a denial of service (crash).

------------

This vulnerability information is a summary of multiple vulnerabilities released at the same time. Please note that it also includes details of vulnerabilities other than the one named in the title.

Therefore, a setuid executable that is not normally readable can be recreated as a new executable file with a changed owner. As a result, a local attacker who exploits this issue can read a setuid executable that they would otherwise be unable to read. At this time, it has been reported that this issue could potentially be used to execute arbitrary code with elevated privileges. Please refer to the “Overview” for the impact of this vulnerability.

The problem lies in the atomicity of placing a target executable's file descriptor within the current process descriptor and executing the file.

Linux is an open source operating system. The execve() function has the following code (fs/binfmt_elf.c):

    static int load_elf_binary(struct linux_binprm * bprm, struct pt_regs * regs)
    {
        struct file *interpreter = NULL; /* to shut gcc up */
        [...]
        retval = kernel_read(bprm->file, elf_ex.e_phoff, (char *) elf_phdata, size);
        if (retval < 0)
            goto out_free_ph;

        retval = get_unused_fd();
        if (retval < 0)
            goto out_free_ph;
        get_file(bprm->file);
        /* the open executable is installed in the caller's file table */
        fd_install(elf_exec_fileno = retval, bprm->file);

When executing a new binary program, the kernel places the open executable's file descriptor into the file table of the current process (the current execve() caller) and then executes the file. This allows an attacker to read the contents of the suid program (even if the attacker does not have permission to read it).

Trust: 1.98

sources: NVD: CVE-2003-0462 // JVNDB: JVNDB-2003-000197 // BID: 8042 // VULHUB: VHN-7290

AFFECTED PRODUCTS

vendor: linux | model: kernel | scope: eq | version: 2.4.4 | Trust: 1.9
vendor: linux | model: kernel | scope: eq | version: 2.4.3 | Trust: 1.9
vendor: linux | model: kernel | scope: eq | version: 2.4.2 | Trust: 1.9
vendor: linux | model: kernel | scope: eq | version: 2.4.1 | Trust: 1.9
vendor: linux | model: kernel | scope: eq | version: 2.4.0 | Trust: 1.6
vendor: linux | model: kernel | scope: eq | version: 2.4.21 | Trust: 1.3
vendor: linux | model: kernel | scope: eq | version: 2.4.20 | Trust: 1.3
vendor: linux | model: kernel | scope: eq | version: 2.4.19 | Trust: 1.3
vendor: linux | model: kernel | scope: eq | version: 2.4.18 | Trust: 1.3
vendor: linux | model: kernel | scope: eq | version: 2.4.17 | Trust: 1.3
vendor: linux | model: kernel | scope: eq | version: 2.4.16 | Trust: 1.3
vendor: linux | model: kernel | scope: eq | version: 2.4.15 | Trust: 1.3
vendor: linux | model: kernel | scope: eq | version: 2.4.14 | Trust: 1.3
vendor: linux | model: kernel | scope: eq | version: 2.4.13 | Trust: 1.3
vendor: linux | model: kernel | scope: eq | version: 2.4.12 | Trust: 1.3
vendor: linux | model: kernel | scope: eq | version: 2.4.11 | Trust: 1.3
vendor: linux | model: kernel | scope: eq | version: 2.4.10 | Trust: 1.3
vendor: linux | model: kernel | scope: eq | version: 2.4.9 | Trust: 1.3
vendor: linux | model: kernel | scope: eq | version: 2.4.8 | Trust: 1.3
vendor: linux | model: kernel | scope: eq | version: 2.4.7 | Trust: 1.3
vendor: linux | model: kernel | scope: eq | version: 2.4.6 | Trust: 1.3
vendor: linux | model: kernel | scope: eq | version: 2.4.5 | Trust: 1.3
vendor: mandrakesoft | model: mandrake multi network firewall | scope: eq | version: 8.2 | Trust: 1.0
vendor: mandrakesoft | model: mandrake linux corporate server | scope: eq | version: 2.1 | Trust: 1.0
vendor: mandrakesoft | model: mandrake linux | scope: eq | version: 9.0 | Trust: 1.0
vendor: mandrakesoft | model: mandrake linux | scope: eq | version: 8.2 | Trust: 1.0
vendor: sun microsystems | model: cobalt raq550 | scope: - | version: - | Trust: 0.8
vendor: turbo linux | model: turbolinux server | scope: eq | version: 7 | Trust: 0.8
vendor: turbo linux | model: turbolinux server | scope: eq | version: 8 | Trust: 0.8
vendor: red hat | model: linux | scope: eq | version: 7.1 | Trust: 0.8
vendor: red hat | model: linux | scope: eq | version: 7.2 | Trust: 0.8
vendor: red hat | model: linux | scope: eq | version: 7.3 | Trust: 0.8
vendor: red hat | model: linux | scope: eq | version: 8.0 | Trust: 0.8
vendor: red hat | model: linux | scope: eq | version: 9 | Trust: 0.8
vendor: redhat | model: linux advanced work station | scope: eq | version: 2.1 | Trust: 0.3
vendor: redhat | model: kernel-utils-2.4-8.29.i386.rpm | scope: - | version: - | Trust: 0.3
vendor: redhat | model: kernel-utils-2.4-8.13.i386.rpm | scope: - | version: - | Trust: 0.3
vendor: redhat | model: kernel-utils-2.4-7.4.i386.rpm | scope: - | version: - | Trust: 0.3
vendor: redhat | model: kernel-uml-2.4.18-14.i686.rpm | scope: - | version: - | Trust: 0.3
vendor: redhat | model: kernel-source-2.4.7-10.i386.rpm | scope: - | version: - | Trust: 0.3
vendor: redhat | model: kernel-source-2.4.20-8.i386.rpm | scope: - | version: - | Trust: 0.3
vendor: redhat | model: kernel-source-2.4.2-2.i386.rpm | scope: - | version: - | Trust: 0.3
vendor: redhat | model: kernel-source-2.4.18-3.i386.rpm | scope: - | version: - | Trust: 0.3
vendor: redhat | model: kernel-source-2.4.18-14.i386.rpm | scope: - | version: - | Trust: 0.3
vendor: redhat | model: kernel-smp-2.4.7-10.i686.rpm | scope: - | version: - | Trust: 0.3
vendor: redhat | model: kernel-smp-2.4.7-10.i586.rpm | scope: - | version: - | Trust: 0.3
vendor: redhat | model: kernel-smp-2.4.7-10.athlon.rpm | scope: - | version: - | Trust: 0.3
vendor: redhat | model: kernel-smp-2.4.20-8.i686.rpm | scope: - | version: - | Trust: 0.3
vendor: redhat | model: kernel-smp-2.4.20-8.athlon.rpm | scope: - | version: - | Trust: 0.3
vendor: redhat | model: kernel-smp-2.4.2-2.i686.rpm | scope: - | version: - | Trust: 0.3
vendor: redhat | model: kernel-smp-2.4.2-2.i586.rpm | scope: - | version: - | Trust: 0.3
vendor: redhat | model: kernel-smp-2.4.18-3.i686.rpm | scope: - | version: - | Trust: 0.3
vendor: redhat | model: kernel-smp-2.4.18-3.i586.rpm | scope: - | version: - | Trust: 0.3
vendor: redhat | model: kernel-smp-2.4.18-3.athlon.rpm | scope: - | version: - | Trust: 0.3
vendor: redhat | model: kernel-smp-2.4.18-14.i686.rpm | scope: - | version: - | Trust: 0.3
vendor: redhat | model: kernel-smp-2.4.18-14.athlon.rpm | scope: - | version: - | Trust: 0.3
vendor: redhat | model: kernel-headers-2.4.7-10.i386.rpm | scope: - | version: - | Trust: 0.3
vendor: redhat | model: kernel-headers-2.4.2-2.i386.rpm | scope: - | version: - | Trust: 0.3
vendor: redhat | model: kernel-enterprise-2.4.2-2.i686.rpm | scope: - | version: - | Trust: 0.3
vendor: redhat | model: kernel-doc-2.4.7-10.i386.rpm | scope: - | version: - | Trust: 0.3
vendor: redhat | model: kernel-doc-2.4.20-8.i386.rpm | scope: - | version: - | Trust: 0.3
vendor: redhat | model: kernel-doc-2.4.2-2.i386.rpm | scope: - | version: - | Trust: 0.3
vendor: redhat | model: kernel-doc-2.4.18-3.i386.rpm | scope: - | version: - | Trust: 0.3
vendor: redhat | model: kernel-doc-2.4.18-14.i386.rpm | scope: - | version: - | Trust: 0.3
vendor: redhat | model: kernel-debug-2.4.18-3.i686.rpm | scope: - | version: - | Trust: 0.3
vendor: redhat | model: kernel-debug-2.4.18-14.i686.rpm | scope: - | version: - | Trust: 0.3
vendor: redhat | model: kernel-boot-2.4.7-10.i386.rpm | scope: - | version: - | Trust: 0.3
vendor: redhat | model: kernel-boot-2.4.20-8.i386.rpm | scope: - | version: - | Trust: 0.3
vendor: redhat | model: kernel-boot-2.4.2-2.i386.rpm | scope: - | version: - | Trust: 0.3
vendor: redhat | model: kernel-boot-2.4.18-3.i386.rpm | scope: - | version: - | Trust: 0.3
vendor: redhat | model: kernel-boot-2.4.18-14.i386.rpm | scope: - | version: - | Trust: 0.3
vendor: redhat | model: kernel-bigmem-2.4.20-8.i686.rpm | scope: - | version: - | Trust: 0.3
vendor: redhat | model: kernel-bigmem-2.4.18-3.i686.rpm | scope: - | version: - | Trust: 0.3
vendor: redhat | model: kernel-bigmem-2.4.18-14.i686.rpm | scope: - | version: - | Trust: 0.3
vendor: redhat | model: kernel-2.4.7-10.i686.rpm | scope: - | version: - | Trust: 0.3
vendor: redhat | model: kernel-2.4.7-10.i386.rpm | scope: - | version: - | Trust: 0.3
vendor: redhat | model: kernel-2.4.7-10.athlon.rpm | scope: - | version: - | Trust: 0.3
vendor: redhat | model: kernel-2.4.20-8.i686.rpm | scope: - | version: - | Trust: 0.3
vendor: redhat | model: kernel-2.4.20-8.i586.rpm | scope: - | version: - | Trust: 0.3
vendor: redhat | model: kernel-2.4.20-8.athlon.rpm | scope: - | version: - | Trust: 0.3
vendor: redhat | model: kernel-2.4.2-2.i686.rpm | scope: - | version: - | Trust: 0.3
vendor: redhat | model: kernel-2.4.2-2.i586.rpm | scope: - | version: - | Trust: 0.3
vendor: redhat | model: kernel-2.4.2-2.i386.rpm | scope: - | version: - | Trust: 0.3
vendor: redhat | model: kernel-2.4.18-3.i686.rpm | scope: - | version: - | Trust: 0.3
vendor: redhat | model: kernel-2.4.18-3.i386.rpm | scope: - | version: - | Trust: 0.3
vendor: redhat | model: kernel-2.4.18-3.athlon.rpm | scope: - | version: - | Trust: 0.3
vendor: redhat | model: kernel-2.4.18-14.i686.rpm | scope: - | version: - | Trust: 0.3
vendor: redhat | model: kernel-2.4.18-14.i586.rpm | scope: - | version: - | Trust: 0.3
vendor: redhat | model: kernel-2.4.18-14.athlon.rpm | scope: - | version: - | Trust: 0.3
vendor: redhat | model: enterprise linux ws ia64 | scope: eq | version: 2.1 | Trust: 0.3
vendor: redhat | model: enterprise linux ws | scope: eq | version: 2.1 | Trust: 0.3
vendor: redhat | model: enterprise linux es ia64 | scope: eq | version: 2.1 | Trust: 0.3
vendor: redhat | model: enterprise linux es | scope: eq | version: 2.1 | Trust: 0.3
vendor: red | model: hat enterprise linux as ia64 | scope: eq | version: 2.1 | Trust: 0.3
vendor: red | model: hat enterprise linux as | scope: eq | version: 2.1 | Trust: 0.3
vendor: mandriva | model: linux mandrake | scope: eq | version: 9.0 | Trust: 0.3
vendor: mandriva | model: linux mandrake ppc | scope: eq | version: 8.2 | Trust: 0.3
vendor: mandriva | model: linux mandrake | scope: eq | version: 8.2 | Trust: 0.3
vendor: mandrakesoft | model: multi network firewall | scope: eq | version: 2.0 | Trust: 0.3
vendor: mandrakesoft | model: corporate server | scope: eq | version: 2.1 | Trust: 0.3
vendor: linux | model: kernel | scope: eq | version: 2.4 | Trust: 0.3

sources: BID: 8042 // JVNDB: JVNDB-2003-000197 // CNNVD: CNNVD-200308-176 // NVD: CVE-2003-0462

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2003-0462
value: LOW

Trust: 1.0

NVD: CVE-2003-0462
value: LOW

Trust: 0.8

CNNVD: CNNVD-200308-176
value: LOW

Trust: 0.6

VULHUB: VHN-7290
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2003-0462
severity: LOW
baseScore: 1.2
vectorString: AV:L/AC:H/AU:N/C:N/I:N/A:P
accessVector: LOCAL
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 1.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-7290
severity: LOW
baseScore: 1.2
vectorString: AV:L/AC:H/AU:N/C:N/I:N/A:P
accessVector: LOCAL
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 1.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-7290 // JVNDB: JVNDB-2003-000197 // CNNVD: CNNVD-200308-176 // NVD: CVE-2003-0462

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2003-0462

THREAT TYPE

local

Trust: 0.9

sources: BID: 8042 // CNNVD: CNNVD-200308-176

TYPE

race condition

Trust: 0.6

sources: CNNVD: CNNVD-200308-176

CONFIGURATIONS

sources: JVNDB: JVNDB-2003-000197

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-7290

PATCH

title: RHSA-2003:238 | url: https://rhn.redhat.com/errata/RHSA-2003-238.html

Trust: 0.8

title: 550 Kernel C10 Update 0.0.1 | url: http://sunsolve.sun.com/pub-cgi/show.pl?target=cobalt/raq550.eng&nav=patchpage

Trust: 0.8

title: TLSA-2003-58 | url: http://www.turbolinux.com/security/2003/TLSA-2003-58.txt

Trust: 0.8

title: RHSA-2003:238 | url: http://www.jp.redhat.com/support/errata/RHSA/RHSA-2003-238J.html

Trust: 0.8

title: TLSA-2003-58 | url: http://www.turbolinux.co.jp/security/2003/TLSA-2003-58j.txt

Trust: 0.8

sources: JVNDB: JVNDB-2003-000197

EXTERNAL IDS

db: NVD | id: CVE-2003-0462

Trust: 2.8

db: BID | id: 8042

Trust: 1.2

db: JVNDB | id: JVNDB-2003-000197

Trust: 0.8

db: CNNVD | id: CNNVD-200308-176

Trust: 0.7

db: DEBIAN | id: DSA-423

Trust: 0.6

db: DEBIAN | id: DSA-358

Trust: 0.6

db: REDHAT | id: RHSA-2003:239

Trust: 0.6

db: REDHAT | id: RHSA-2003:238

Trust: 0.6

db: REDHAT | id: RHSA-2003:198

Trust: 0.6

db: OVAL | id: OVAL:ORG.MITRE.OVAL:DEF:309

Trust: 0.6

db: SEEBUG | id: SSVID-76634

Trust: 0.1

db: EXPLOIT-DB | id: 22840

Trust: 0.1

db: VULHUB | id: VHN-7290

Trust: 0.1

sources: VULHUB: VHN-7290 // BID: 8042 // JVNDB: JVNDB-2003-000197 // CNNVD: CNNVD-200308-176 // NVD: CVE-2003-0462

REFERENCES

url:http://www.debian.org/security/2004/dsa-358

Trust: 1.7

url:http://www.debian.org/security/2004/dsa-423

Trust: 1.7

url:http://www.redhat.com/support/errata/rhsa-2003-198.html

Trust: 1.7

url:http://www.redhat.com/support/errata/rhsa-2003-238.html

Trust: 1.7

url:http://www.redhat.com/support/errata/rhsa-2003-239.html

Trust: 1.7

url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a309

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2003-0462

Trust: 0.8

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2003-0462

Trust: 0.8

url:http://www.securityfocus.com/bid/8042

Trust: 0.8

url:http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:309

Trust: 0.6

url:http://archives.neohapsis.com/archives/vendor/2003-q3/0052.html

Trust: 0.3

url:http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000712

Trust: 0.3

url:http://rhn.redhat.com/errata/rhba-2003-263.html

Trust: 0.3

url:http://rhn.redhat.com/errata/rhsa-2003-198.html

Trust: 0.3

url:http://rhn.redhat.com/errata/rhsa-2003-239.html

Trust: 0.3

url:/archive/1/326872

Trust: 0.3

sources: VULHUB: VHN-7290 // BID: 8042 // JVNDB: JVNDB-2003-000197 // CNNVD: CNNVD-200308-176 // NVD: CVE-2003-0462

CREDITS

Paul Starzetz, paul@starzetz.de

Trust: 0.6

sources: CNNVD: CNNVD-200308-176

SOURCES

db: VULHUB | id: VHN-7290
db: BID | id: 8042
db: JVNDB | id: JVNDB-2003-000197
db: CNNVD | id: CNNVD-200308-176
db: NVD | id: CVE-2003-0462

LAST UPDATE DATE

2024-08-14T12:17:53.439000+00:00


SOURCES UPDATE DATE

db: VULHUB | id: VHN-7290 | date: 2017-10-11T00:00:00
db: BID | id: 8042 | date: 2009-07-11T22:56:00
db: JVNDB | id: JVNDB-2003-000197 | date: 2007-04-01T00:00:00
db: CNNVD | id: CNNVD-200308-176 | date: 2005-10-20T00:00:00
db: NVD | id: CVE-2003-0462 | date: 2017-10-11T01:29:10.433

SOURCES RELEASE DATE

db: VULHUB | id: VHN-7290 | date: 2003-08-27T00:00:00
db: BID | id: 8042 | date: 2003-06-26T00:00:00
db: JVNDB | id: JVNDB-2003-000197 | date: 2007-04-01T00:00:00
db: CNNVD | id: CNNVD-200308-176 | date: 2003-06-06T00:00:00
db: NVD | id: CVE-2003-0462 | date: 2003-08-27T04:00:00