ID

VAR-200312-0226


CVE

CVE-2003-0859


TITLE

Denial of service (DoS) vulnerability in the GNU libc getifaddrs() function

Trust: 0.8

sources: JVNDB: JVNDB-2003-000341

DESCRIPTION

The getifaddrs function in GNU libc (glibc) 2.2.4 and earlier allows local users to cause a denial of service by sending spoofed messages as other users to the kernel netlink interface. Applications which make use of the kernel Netlink interface are said to be prone to denial of service attacks. It has been reported that applications implementing the getifaddrs() glibc function may be prone to denial of service attacks. The problem is said to occur due to the way getifaddrs() interacts with the netlink device. Under some circumstances, an anonymous netlink message handled by the getifaddrs() function may cause the application to crash. Red Hat has stated that GNU Zebra, Quagga and iproute are also affected by this vulnerability due to the way they interact with the netlink interface; exploitation may result in a denial of service. The precise technical details regarding this issue are currently unknown. This BID will be updated as further information is made available. Kernel Netlink is a network interface implementation

Trust: 1.98

sources: NVD: CVE-2003-0859 // JVNDB: JVNDB-2003-000341 // BID: 9027 // VULHUB: VHN-7684

AFFECTED PRODUCTS

vendor: redhat // model: enterprise linux // scope: eq // version: 2.1

Trust: 1.6

vendor: sgi // model: propack // scope: eq // version: 2.3

Trust: 1.3

vendor: sgi // model: propack // scope: eq // version: 2.2.1

Trust: 1.3

vendor: quagga // model: routing software suite // scope: eq // version: 0.96.2

Trust: 1.3

vendor: gnu // model: glibc // scope: eq // version: 2.3.2

Trust: 1.3

vendor: gnu // model: zebra // scope: eq // version: 0.92a

Trust: 1.0

vendor: redhat // model: enterprise linux // scope: eq // version: 3.0

Trust: 1.0

vendor: gnu // model: zebra // scope: eq // version: 0.93b

Trust: 1.0

vendor: gnu // model: zebra // scope: eq // version: 0.93a

Trust: 1.0

vendor: gnu // model: zebra // scope: eq // version: 0.91a

Trust: 1.0

vendor: redhat // model: linux advanced workstation // scope: eq // version: 2.1

Trust: 1.0

vendor: intel // model: ia64 // scope: eq // version: *

Trust: 1.0

vendor: turbo linux // model: turbolinux server // scope: eq // version: 7

Trust: 0.8

vendor: turbo linux // model: turbolinux server // scope: eq // version: 8

Trust: 0.8

vendor: red hat // model: linux // scope: eq // version: 9

Trust: 0.8

vendor: redhat // model: enterprise linux ws ia64 // scope: eq // version: 2.1

Trust: 0.3

vendor: redhat // model: enterprise linux ws // scope: eq // version: 2.1

Trust: 0.3

vendor: redhat // model: enterprise linux es // scope: eq // version: 3

Trust: 0.3

vendor: redhat // model: enterprise linux es ia64 // scope: eq // version: 2.1

Trust: 0.3

vendor: redhat // model: enterprise linux es // scope: eq // version: 2.1

Trust: 0.3

vendor: redhat // model: enterprise linux as // scope: eq // version: 3

Trust: 0.3

vendor: redhat // model: enterprise linux as ia64 // scope: eq // version: 2.1

Trust: 0.3

vendor: redhat // model: enterprise linux as // scope: eq // version: 2.1

Trust: 0.3

vendor: redhat // model: advanced workstation for the itanium processor // scope: eq // version: 2.1

Trust: 0.3

vendor: gnu // model: zebra b // scope: eq // version: 0.93

Trust: 0.3

vendor: gnu // model: zebra a // scope: eq // version: 0.93

Trust: 0.3

vendor: gnu // model: zebra a // scope: eq // version: 0.92

Trust: 0.3

vendor: gnu // model: zebra a // scope: eq // version: 0.91

Trust: 0.3

vendor: gnu // model: glibc // scope: eq // version: 2.2.4

Trust: 0.3

sources: BID: 9027 // JVNDB: JVNDB-2003-000341 // CNNVD: CNNVD-200312-059 // NVD: CVE-2003-0859

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2003-0859
value: MEDIUM

Trust: 1.0

NVD: CVE-2003-0859
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200312-059
value: MEDIUM

Trust: 0.6

VULHUB: VHN-7684
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2003-0859
severity: MEDIUM
baseScore: 4.9
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-7684
severity: MEDIUM
baseScore: 4.9
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-7684 // JVNDB: JVNDB-2003-000341 // CNNVD: CNNVD-200312-059 // NVD: CVE-2003-0859

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2003-0859

THREAT TYPE

local

Trust: 0.9

sources: BID: 9027 // CNNVD: CNNVD-200312-059

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-200312-059

CONFIGURATIONS

sources: JVNDB: JVNDB-2003-000341

PATCH

title: RHSA-2003:325 // url: https://rhn.redhat.com/errata/RHSA-2003-325.html

Trust: 0.8

title: TLSA-2003-66 // url: http://www.turbolinux.com/security/2003/TLSA-2003-66.txt

Trust: 0.8

title: RHSA-2003:325 // url: http://www.jp.redhat.com/support/errata/RHSA/RHSA-2003-325J.html

Trust: 0.8

title: TLSA-2003-66 // url: http://www.turbolinux.co.jp/security/2003/TLSA-2003-66j.txt

Trust: 0.8

sources: JVNDB: JVNDB-2003-000341

EXTERNAL IDS

db: NVD // id: CVE-2003-0859

Trust: 2.8

db: BID // id: 9027

Trust: 1.2

db: JVNDB // id: JVNDB-2003-000341

Trust: 0.8

db: CNNVD // id: CNNVD-200312-059

Trust: 0.7

db: OVAL // id: OVAL:ORG.MITRE.OVAL:DEF:11337

Trust: 0.6

db: REDHAT // id: RHSA-2003:334

Trust: 0.6

db: REDHAT // id: RHSA-2003:325

Trust: 0.6

db: VULHUB // id: VHN-7684

Trust: 0.1

sources: VULHUB: VHN-7684 // BID: 9027 // JVNDB: JVNDB-2003-000341 // CNNVD: CNNVD-200312-059 // NVD: CVE-2003-0859

REFERENCES

url:http://www.redhat.com/support/errata/rhsa-2003-325.html

Trust: 1.7

url:http://www.redhat.com/support/errata/rhsa-2003-334.html

Trust: 1.7

url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a11337

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2003-0859

Trust: 0.8

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2003-0859

Trust: 0.8

url:http://www.securityfocus.com/bid/9027

Trust: 0.8

url:http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:11337

Trust: 0.6

url:http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000789

Trust: 0.3

url:http://archives.neohapsis.com/archives/vendor/2004-q1/0011.html

Trust: 0.3

url:http://www.quagga.net/

Trust: 0.3

url:http://rhn.redhat.com/errata/rhsa-2003-315.html

Trust: 0.3

url:http://rhn.redhat.com/errata/rhsa-2003-317.html

Trust: 0.3

url:http://rhn.redhat.com/errata/rhsa-2003-305.html

Trust: 0.3

sources: VULHUB: VHN-7684 // BID: 9027 // JVNDB: JVNDB-2003-000341 // CNNVD: CNNVD-200312-059 // NVD: CVE-2003-0859

CREDITS

Red Hat Security Advisory

Trust: 0.6

sources: CNNVD: CNNVD-200312-059

SOURCES

db: VULHUB // id: VHN-7684
db: BID // id: 9027
db: JVNDB // id: JVNDB-2003-000341
db: CNNVD // id: CNNVD-200312-059
db: NVD // id: CVE-2003-0859

LAST UPDATE DATE

2024-08-14T14:59:26.909000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-7684 // date: 2017-10-11T00:00:00
db: BID // id: 9027 // date: 2009-07-12T00:56:00
db: JVNDB // id: JVNDB-2003-000341 // date: 2007-04-01T00:00:00
db: CNNVD // id: CNNVD-200312-059 // date: 2005-12-05T00:00:00
db: NVD // id: CVE-2003-0859 // date: 2017-10-11T01:29:15.667

SOURCES RELEASE DATE

db: VULHUB // id: VHN-7684 // date: 2003-12-15T00:00:00
db: BID // id: 9027 // date: 2003-11-12T00:00:00
db: JVNDB // id: JVNDB-2003-000341 // date: 2007-04-01T00:00:00
db: CNNVD // id: CNNVD-200312-059 // date: 2003-11-13T00:00:00
db: NVD // id: CVE-2003-0859 // date: 2003-12-15T05:00:00