Sign-up

ID

VAR-200312-0259


CVE

CVE-2003-0948


TITLE

IWConfig Local ARG Command Line Buffer Overflow Vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200312-054

DESCRIPTION

Buffer overflow in iwconfig allows local users to execute arbitrary code via a long HOME environment variable. A problem has been identified in the iwconfig program when handling strings on the commandline. Because of this, a local attacker may be able to gain elevated privileges. iwconfig has a buffer overflow vulnerability

Trust: 1.26

sources: NVD: CVE-2003-0948 // BID: 8901 // VULHUB: VHN-7773

AFFECTED PRODUCTS

vendor:toolsmodel:wireless toolsscope:eqversion:19

Trust: 1.6

vendor:toolsmodel:wireless toolsscope:eqversion:24

Trust: 1.6

vendor:toolsmodel:wireless toolsscope:eqversion:22

Trust: 1.6

vendor:toolsmodel:wireless toolsscope:eqversion:26

Trust: 1.6

vendor:toolsmodel:wireless toolsscope:eqversion:20

Trust: 1.6

vendor:toolsmodel:wireless toolsscope:eqversion:21

Trust: 1.6

vendor:toolsmodel:wireless toolsscope:eqversion:23

Trust: 1.6

vendor:toolsmodel:wireless toolsscope:eqversion:25

Trust: 1.6

vendor: - model:tools for linux wireless tools versionscope:eqversion:26

Trust: 0.3

vendor: - model:tools for linux wireless tools versionscope:eqversion:25

Trust: 0.3

vendor: - model:tools for linux wireless tools versionscope:eqversion:24

Trust: 0.3

vendor: - model:tools for linux wireless tools versionscope:eqversion:23

Trust: 0.3

vendor: - model:tools for linux wireless tools versionscope:eqversion:22

Trust: 0.3

vendor: - model:tools for linux wireless tools versionscope:eqversion:21

Trust: 0.3

vendor: - model:tools for linux wireless tools versionscope:eqversion:20

Trust: 0.3

vendor: - model:tools for linux wireless tools versionscope:eqversion:19

Trust: 0.3

sources: BID: 8901 // CNNVD: CNNVD-200312-054 // NVD: CVE-2003-0948

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2003-0948
value: HIGH

Trust: 1.0

CNNVD: CNNVD-200312-054
value: HIGH

Trust: 0.6

VULHUB: VHN-7773
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2003-0948
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-7773
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-7773 // CNNVD: CNNVD-200312-054 // NVD: CVE-2003-0948

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2003-0948

THREAT TYPE

local

Trust: 0.9

sources: BID: 8901 // CNNVD: CNNVD-200312-054

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-200312-054

EXPLOIT AVAILABILITY

sources:
            
            
            VULHUB: VHN-7773

EXTERNAL IDS
db:NVDid:CVE-2003-0948
Trust: 2.0
db:BIDid:8901
Trust: 2.0
db:CNNVDid:CNNVD-200312-054
Trust: 0.7
db:EXPLOIT-DBid:1215
Trust: 0.1
db:VULHUBid:VHN-7773
Trust: 0.1
sources:
            
            
            VULHUB: VHN-7773 // 
            
            
            
            BID: 8901 // 
            
            
            
            CNNVD: CNNVD-200312-054 // 
            
            
            
            NVD: CVE-2003-0948

REFERENCES
url:http://www.securityfocus.com/bid/8901
Trust: 1.7
url:http://www.securiteam.com/exploits/6y00r1p8ky.html
Trust: 1.7
url:http://www.hpl.hp.com/personal/jean_tourrilhes/linux/tools.html
Trust: 0.3
sources:
            
            
            VULHUB: VHN-7773 // 
            
            
            
            BID: 8901 // 
            
            
            
            CNNVD: CNNVD-200312-054 // 
            
            
            
            NVD: CVE-2003-0948

CREDITS
Discovery credited to aXiS.
Trust: 0.9
sources:
            
            
            BID: 8901 // 
            
            
            
            CNNVD: CNNVD-200312-054

SOURCES
db:VULHUBid:VHN-7773
db:BIDid:8901
db:CNNVDid:CNNVD-200312-054
db:NVDid:CVE-2003-0948

LAST UPDATE DATE
2024-08-14T14:16:12.518000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-7773date:2008-09-05T00:00:00
db:BIDid:8901date:2009-07-11T23:56:00
db:CNNVDid:CNNVD-200312-054date:2005-10-20T00:00:00
db:NVDid:CVE-2003-0948date:2008-09-05T20:35:38.187

SOURCES RELEASE DATE
db:VULHUBid:VHN-7773date:2003-12-15T00:00:00
db:BIDid:8901date:2003-10-27T00:00:00
db:CNNVDid:CNNVD-200312-054date:2003-12-15T00:00:00
db:NVDid:CVE-2003-0948date:2003-12-15T05:00:00