Sign-up

ID

VAR-200308-0094


CVE

CVE-2003-0462


TITLE

Linux Kernel of execve Vulnerability that causes a race condition in system calls

Trust: 0.8

sources: JVNDB: JVNDB-2003-000197

DESCRIPTION

A race condition in the way env_start and env_end pointers are initialized in the execve system call and used in fs/proc/base.c on Linux 2.4 allows local users to cause a denial of service (crash). ------------ This vulnerability information is a summary of multiple vulnerabilities released at the same time. Please note that the contents of vulnerability information other than the title are included. Therefore, it cannot be read originally setuid It is possible to create an executable file with a bit assigned as a new executable file by changing the owner. As a result, local attackers who exploit this issue cannot read it setuid It is possible to read an executable file with a bit attached. At this time, it has been reported that this issue could potentially be used to execute arbitrary code with elevated privileges.Please refer to the “Overview” for the impact of this vulnerability. The problem lies in the atomicity of placing a target executables file descriptor within the current process descriptor and executing the file. Linux is an open source operating system. The execve() function has the following code (fs/binfmt_elf.c): static int load_elf_binary(struct linux_binprm * bprm, struct pt_regs * regs) { struct file *interpreter = NULL; /* to shut gcc up */ [...] retval = kernel_read(bprm->file, elf_ex.e_phoff, (char *) elf_phdata, size); if (retval < 0) goto out_free_ph; retval = get_unused_fd(); if (retval < 0) goto out_free_ph; get_file(bprm- >file); fd_install(elf_exec_fileno = retval, bprm->file); When executing a new binary program, put the open executable file descriptor into the file table of the current process (current execve() caller), and execute . This allows an attacker to read the contents of the suid program (even if the attacker does not have permission to read)

Trust: 1.98

sources: NVD: CVE-2003-0462 // JVNDB: JVNDB-2003-000197 // BID: 8042 // VULHUB: VHN-7290

AFFECTED PRODUCTS

vendor:linuxmodel:kernelscope:eqversion:2.4.4

Trust: 1.9

vendor:linuxmodel:kernelscope:eqversion:2.4.3

Trust: 1.9

vendor:linuxmodel:kernelscope:eqversion:2.4.2

Trust: 1.9

vendor:linuxmodel:kernelscope:eqversion:2.4.1

Trust: 1.9

vendor:linuxmodel:kernelscope:eqversion:2.4.0

Trust: 1.6

vendor:linuxmodel:kernelscope:eqversion:2.4.21

Trust: 1.3

vendor:linuxmodel:kernelscope:eqversion:2.4.20

Trust: 1.3

vendor:linuxmodel:kernelscope:eqversion:2.4.19

Trust: 1.3

vendor:linuxmodel:kernelscope:eqversion:2.4.18

Trust: 1.3

vendor:linuxmodel:kernelscope:eqversion:2.4.17

Trust: 1.3

vendor:linuxmodel:kernelscope:eqversion:2.4.16

Trust: 1.3

vendor:linuxmodel:kernelscope:eqversion:2.4.15

Trust: 1.3

vendor:linuxmodel:kernelscope:eqversion:2.4.14

Trust: 1.3

vendor:linuxmodel:kernelscope:eqversion:2.4.13

Trust: 1.3

vendor:linuxmodel:kernelscope:eqversion:2.4.12

Trust: 1.3

vendor:linuxmodel:kernelscope:eqversion:2.4.11

Trust: 1.3

vendor:linuxmodel:kernelscope:eqversion:2.4.10

Trust: 1.3

vendor:linuxmodel:kernelscope:eqversion:2.4.9

Trust: 1.3

vendor:linuxmodel:kernelscope:eqversion:2.4.8

Trust: 1.3

vendor:linuxmodel:kernelscope:eqversion:2.4.7

Trust: 1.3

vendor:linuxmodel:kernelscope:eqversion:2.4.6

Trust: 1.3

vendor:linuxmodel:kernelscope:eqversion:2.4.5

Trust: 1.3

vendor:mandrakesoftmodel:mandrake multi network firewallscope:eqversion:8.2

Trust: 1.0

vendor:mandrakesoftmodel:mandrake linux corporate serverscope:eqversion:2.1

Trust: 1.0

vendor:mandrakesoftmodel:mandrake linuxscope:eqversion:9.0

Trust: 1.0

vendor:mandrakesoftmodel:mandrake linuxscope:eqversion:8.2

Trust: 1.0

vendor:sun microsystemsmodel:cobalt raq550scope: - version: -

Trust: 0.8

vendor:turbo linuxmodel:turbolinux serverscope:eqversion:7

Trust: 0.8

vendor:turbo linuxmodel:turbolinux serverscope:eqversion:8

Trust: 0.8

vendor:red hatmodel:linuxscope:eqversion:7.1

Trust: 0.8

vendor:red hatmodel:linuxscope:eqversion:7.2

Trust: 0.8

vendor:red hatmodel:linuxscope:eqversion:7.3

Trust: 0.8

vendor:red hatmodel:linuxscope:eqversion:8.0

Trust: 0.8

vendor:red hatmodel:linuxscope:eqversion:9

Trust: 0.8

vendor:redhatmodel:linux advanced work stationscope:eqversion:2.1

Trust: 0.3

vendor:redhatmodel:kernel-utils-2.4-8.29.i386.rpmscope: - version: -

Trust: 0.3

vendor:redhatmodel:kernel-utils-2.4-8.13.i386.rpmscope: - version: -

Trust: 0.3

vendor:redhatmodel:kernel-utils-2.4-7.4.i386.rpmscope: - version: -

Trust: 0.3

vendor:redhatmodel:kernel-uml-2.4.18-14.i686.rpmscope: - version: -

Trust: 0.3

vendor:redhatmodel:kernel-source-2.4.7-10.i386.rpmscope: - version: -

Trust: 0.3

vendor:redhatmodel:kernel-source-2.4.20-8.i386.rpmscope: - version: -

Trust: 0.3

vendor:redhatmodel:kernel-source-2.4.2-2.i386.rpmscope: - version: -

Trust: 0.3

vendor:redhatmodel:kernel-source-2.4.18-3.i386.rpmscope: - version: -

Trust: 0.3

vendor:redhatmodel:kernel-source-2.4.18-14.i386.rpmscope: - version: -

Trust: 0.3

vendor:redhatmodel:kernel-smp-2.4.7-10.i686.rpmscope: - version: -

Trust: 0.3

vendor:redhatmodel:kernel-smp-2.4.7-10.i586.rpmscope: - version: -

Trust: 0.3

vendor:redhatmodel:kernel-smp-2.4.7-10.athlon.rpmscope: - version: -

Trust: 0.3

vendor:redhatmodel:kernel-smp-2.4.20-8.i686.rpmscope: - version: -

Trust: 0.3

vendor:redhatmodel:kernel-smp-2.4.20-8.athlon.rpmscope: - version: -

Trust: 0.3

vendor:redhatmodel:kernel-smp-2.4.2-2.i686.rpmscope: - version: -

Trust: 0.3

vendor:redhatmodel:kernel-smp-2.4.2-2.i586.rpmscope: - version: -

Trust: 0.3

vendor:redhatmodel:kernel-smp-2.4.18-3.i686.rpmscope: - version: -

Trust: 0.3

vendor:redhatmodel:kernel-smp-2.4.18-3.i586.rpmscope: - version: -

Trust: 0.3

vendor:redhatmodel:kernel-smp-2.4.18-3.athlon.rpmscope: - version: -

Trust: 0.3

vendor:redhatmodel:kernel-smp-2.4.18-14.i686.rpmscope: - version: -

Trust: 0.3

vendor:redhatmodel:kernel-smp-2.4.18-14.athlon.rpmscope: - version: -

Trust: 0.3

vendor:redhatmodel:kernel-headers-2.4.7-10.i386.rpmscope: - version: -

Trust: 0.3

vendor:redhatmodel:kernel-headers-2.4.2-2.i386.rpmscope: - version: -

Trust: 0.3

vendor:redhatmodel:kernel-enterprise-2.4.2-2.i686.rpmscope: - version: -

Trust: 0.3

vendor:redhatmodel:kernel-doc-2.4.7-10.i386.rpmscope: - version: -

Trust: 0.3

vendor:redhatmodel:kernel-doc-2.4.20-8.i386.rpmscope: - version: -

Trust: 0.3

vendor:redhatmodel:kernel-doc-2.4.2-2.i386.rpmscope: - version: -

Trust: 0.3

vendor:redhatmodel:kernel-doc-2.4.18-3.i386.rpmscope: - version: -

Trust: 0.3

vendor:redhatmodel:kernel-doc-2.4.18-14.i386.rpmscope: - version: -

Trust: 0.3

vendor:redhatmodel:kernel-debug-2.4.18-3.i686.rpmscope: - version: -

Trust: 0.3

vendor:redhatmodel:kernel-debug-2.4.18-14.i686.rpmscope: - version: -

Trust: 0.3

vendor:redhatmodel:kernel-boot-2.4.7-10.i386.rpmscope: - version: -

Trust: 0.3

vendor:redhatmodel:kernel-boot-2.4.20-8.i386.rpmscope: - version: -

Trust: 0.3

vendor:redhatmodel:kernel-boot-2.4.2-2.i386.rpmscope: - version: -

Trust: 0.3

vendor:redhatmodel:kernel-boot-2.4.18-3.i386.rpmscope: - version: -

Trust: 0.3

vendor:redhatmodel:kernel-boot-2.4.18-14.i386.rpmscope: - version: -

Trust: 0.3

vendor:redhatmodel:kernel-bigmem-2.4.20-8.i686.rpmscope: - version: -

Trust: 0.3

vendor:redhatmodel:kernel-bigmem-2.4.18-3.i686.rpmscope: - version: -

Trust: 0.3

vendor:redhatmodel:kernel-bigmem-2.4.18-14.i686.rpmscope: - version: -

Trust: 0.3

vendor:redhatmodel:kernel-2.4.7-10.i686.rpmscope: - version: -

Trust: 0.3

vendor:redhatmodel:kernel-2.4.7-10.i386.rpmscope: - version: -

Trust: 0.3

vendor:redhatmodel:kernel-2.4.7-10.athlon.rpmscope: - version: -

Trust: 0.3

vendor:redhatmodel:kernel-2.4.20-8.i686.rpmscope: - version: -

Trust: 0.3

vendor:redhatmodel:kernel-2.4.20-8.i586.rpmscope: - version: -

Trust: 0.3

vendor:redhatmodel:kernel-2.4.20-8.athlon.rpmscope: - version: -

Trust: 0.3

vendor:redhatmodel:kernel-2.4.2-2.i686.rpmscope: - version: -

Trust: 0.3

vendor:redhatmodel:kernel-2.4.2-2.i586.rpmscope: - version: -

Trust: 0.3

vendor:redhatmodel:kernel-2.4.2-2.i386.rpmscope: - version: -

Trust: 0.3

vendor:redhatmodel:kernel-2.4.18-3.i686.rpmscope: - version: -

Trust: 0.3

vendor:redhatmodel:kernel-2.4.18-3.i386.rpmscope: - version: -

Trust: 0.3

vendor:redhatmodel:kernel-2.4.18-3.athlon.rpmscope: - version: -

Trust: 0.3

vendor:redhatmodel:kernel-2.4.18-14.i686.rpmscope: - version: -

Trust: 0.3

vendor:redhatmodel:kernel-2.4.18-14.i586.rpmscope: - version: -

Trust: 0.3

vendor:redhatmodel:kernel-2.4.18-14.athlon.rpmscope: - version: -

Trust: 0.3

vendor:redhatmodel:enterprise linux ws ia64scope:eqversion:2.1

Trust: 0.3

vendor:redhatmodel:enterprise linux wsscope:eqversion:2.1

Trust: 0.3

vendor:redhatmodel:enterprise linux es ia64scope:eqversion:2.1

Trust: 0.3

vendor:redhatmodel:enterprise linux esscope:eqversion:2.1

Trust: 0.3

vendor:redmodel:hat enterprise linux as ia64scope:eqversion:2.1

Trust: 0.3

vendor:redmodel:hat enterprise linux asscope:eqversion:2.1

Trust: 0.3

vendor:mandrivamodel:linux mandrakescope:eqversion:9.0

Trust: 0.3

vendor:mandrivamodel:linux mandrake ppcscope:eqversion:8.2

Trust: 0.3

vendor:mandrivamodel:linux mandrakescope:eqversion:8.2

Trust: 0.3

vendor:mandrakesoftmodel:multi network firewallscope:eqversion:2.0

Trust: 0.3

vendor:mandrakesoftmodel:corporate serverscope:eqversion:2.1

Trust: 0.3

vendor:linuxmodel:kernelscope:eqversion:2.4

Trust: 0.3

sources: BID: 8042 // JVNDB: JVNDB-2003-000197 // CNNVD: CNNVD-200308-176 // NVD: CVE-2003-0462

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2003-0462
value: LOW

Trust: 1.0

NVD: CVE-2003-0462
value: LOW

Trust: 0.8

CNNVD: CNNVD-200308-176
value: LOW

Trust: 0.6

VULHUB: VHN-7290
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2003-0462
severity: LOW
baseScore: 1.2
vectorString: AV:L/AC:H/AU:N/C:N/I:N/A:P
accessVector: LOCAL
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 1.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-7290
severity: LOW
baseScore: 1.2
vectorString: AV:L/AC:H/AU:N/C:N/I:N/A:P
accessVector: LOCAL
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 1.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-7290 // JVNDB: JVNDB-2003-000197 // CNNVD: CNNVD-200308-176 // NVD: CVE-2003-0462

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2003-0462

THREAT TYPE

local

Trust: 0.9

sources: BID: 8042 // CNNVD: CNNVD-200308-176

TYPE

competitive condition

Trust: 0.6

sources: CNNVD: CNNVD-200308-176

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2003-000197

EXPLOIT AVAILABILITY
sources:
            
            
            VULHUB: VHN-7290

PATCH
title:RHSA-2003:238url:https://rhn.redhat.com/errata/RHSA-2003-238.html
Trust: 0.8
title:550 Kernel C10 Update 0.0.1url:http://sunsolve.sun.com/pub-cgi/show.pl?target=cobalt/raq550.eng&amp;nav=patchpage
Trust: 0.8
title:TLSA-2003-58url:http://www.turbolinux.com/security/2003/TLSA-2003-58.txt
Trust: 0.8
title:RHSA-2003:238url:http://www.jp.redhat.com/support/errata/RHSA/RHSA-2003-238J.html
Trust: 0.8
title:TLSA-2003-58url:http://www.turbolinux.co.jp/security/2003/TLSA-2003-58j.txt
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2003-000197

EXTERNAL IDS
db:NVDid:CVE-2003-0462
Trust: 2.8
db:BIDid:8042
Trust: 1.2
db:JVNDBid:JVNDB-2003-000197
Trust: 0.8
db:CNNVDid:CNNVD-200308-176
Trust: 0.7
db:DEBIANid:DSA-423
Trust: 0.6
db:DEBIANid:DSA-358
Trust: 0.6
db:REDHATid:RHSA-2003:239
Trust: 0.6
db:REDHATid:RHSA-2003:238
Trust: 0.6
db:REDHATid:RHSA-2003:198
Trust: 0.6
db:OVALid:OVAL:ORG.MITRE.OVAL:DEF:309
Trust: 0.6
db:SEEBUGid:SSVID-76634
Trust: 0.1
db:EXPLOIT-DBid:22840
Trust: 0.1
db:VULHUBid:VHN-7290
Trust: 0.1
sources:
            
            
            VULHUB: VHN-7290 // 
            
            
            
            BID: 8042 // 
            
            
            
            JVNDB: JVNDB-2003-000197 // 
            
            
            
            CNNVD: CNNVD-200308-176 // 
            
            
            
            NVD: CVE-2003-0462

REFERENCES
url:http://www.debian.org/security/2004/dsa-358
Trust: 1.7
url:http://www.debian.org/security/2004/dsa-423
Trust: 1.7
url:http://www.redhat.com/support/errata/rhsa-2003-198.html
Trust: 1.7
url:http://www.redhat.com/support/errata/rhsa-2003-238.html
Trust: 1.7
url:http://www.redhat.com/support/errata/rhsa-2003-239.html
Trust: 1.7
url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a309
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2003-0462
Trust: 0.8
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2003-0462
Trust: 0.8
url:http://www.securityfocus.com/bid/8042
Trust: 0.8
url:http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:309
Trust: 0.6
url:http://archives.neohapsis.com/archives/vendor/2003-q3/0052.html
Trust: 0.3
url:http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000712
Trust: 0.3
url:http://rhn.redhat.com/errata/rhba-2003-263.html
Trust: 0.3
url:http://rhn.redhat.com/errata/rhsa-2003-198.html
Trust: 0.3
url:http://rhn.redhat.com/errata/rhsa-2003-239.html
Trust: 0.3
url:/archive/1/326872
Trust: 0.3
sources:
            
            
            VULHUB: VHN-7290 // 
            
            
            
            BID: 8042 // 
            
            
            
            JVNDB: JVNDB-2003-000197 // 
            
            
            
            CNNVD: CNNVD-200308-176 // 
            
            
            
            NVD: CVE-2003-0462

CREDITS
Paul Starzetz※ paul@starzetz.de
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-200308-176

SOURCES
db:VULHUBid:VHN-7290
db:BIDid:8042
db:JVNDBid:JVNDB-2003-000197
db:CNNVDid:CNNVD-200308-176
db:NVDid:CVE-2003-0462

LAST UPDATE DATE
2024-08-14T12:17:53.439000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-7290date:2017-10-11T00:00:00
db:BIDid:8042date:2009-07-11T22:56:00
db:JVNDBid:JVNDB-2003-000197date:2007-04-01T00:00:00
db:CNNVDid:CNNVD-200308-176date:2005-10-20T00:00:00
db:NVDid:CVE-2003-0462date:2017-10-11T01:29:10.433

SOURCES RELEASE DATE
db:VULHUBid:VHN-7290date:2003-08-27T00:00:00
db:BIDid:8042date:2003-06-26T00:00:00
db:JVNDBid:JVNDB-2003-000197date:2007-04-01T00:00:00
db:CNNVDid:CNNVD-200308-176date:2003-06-06T00:00:00
db:NVDid:CVE-2003-0462date:2003-08-27T04:00:00