CVE-2003-0102

Buffer overflow in tryelf() in readelf.c of the file command allows attackers to execute arbitrary code as the user running file, possibly via a large entity size value in an ELF header (elfhdr.e_shentsize).

CVSS v2.0 4.6 MEDIUM

4.6^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 3.9 / Impact : 6.4

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-003.txt.asc
http://lwn.net/Alerts/34908/
http://marc.info/?l=bugtraq&m=104680706201721&w=2
http://www.debian.org/security/2003/dsa-260
http://www.idefense.com/advisory/03.04.03.txt	Exploit Patch Vendor Advisory
http://www.kb.cert.org/vuls/id/611865	US Government Resource
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:030
http://www.novell.com/linux/security/advisories/2003_017_file.html
http://www.redhat.com/support/errata/RHSA-2003-086.html
http://www.redhat.com/support/errata/RHSA-2003-087.html
http://www.securityfocus.com/bid/7008	Patch Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/11469
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-003.txt.asc
http://lwn.net/Alerts/34908/
http://marc.info/?l=bugtraq&m=104680706201721&w=2
http://www.debian.org/security/2003/dsa-260
http://www.idefense.com/advisory/03.04.03.txt	Exploit Patch Vendor Advisory
http://www.kb.cert.org/vuls/id/611865	US Government Resource
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:030
http://www.novell.com/linux/security/advisories/2003_017_file.html
http://www.redhat.com/support/errata/RHSA-2003-086.html
http://www.redhat.com/support/errata/RHSA-2003-087.html
http://www.securityfocus.com/bid/7008	Patch Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/11469

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:file:file:3.28:::::::*
	cpe:2.3:a:file:file:3.30:::::::*
	cpe:2.3:a:file:file:3.32:::::::*
	cpe:2.3:a:file:file:3.33:::::::*
	cpe:2.3:a:file:file:3.34:::::::*
	cpe:2.3:a:file:file:3.35:::::::*
	cpe:2.3:a:file:file:3.36:::::::*
	cpe:2.3:a:file:file:3.37:::::::*
	cpe:2.3:a:file:file:3.39:::::::*
	cpe:2.3:a:file:file:3.40:::::::*

Configuration 2 (hide)

OR	cpe:2.3:o:netbsd:netbsd:1.5:::::::*
	cpe:2.3:o:netbsd:netbsd:1.5.1:::::::*
	cpe:2.3:o:netbsd:netbsd:1.5.2:::::::*
	cpe:2.3:o:netbsd:netbsd:1.5.3:::::::*
	cpe:2.3:o:netbsd:netbsd:1.6:::::::*

History

20 Nov 2024, 23:43

Type	Values Removed	Values Added
References	~~() ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-003.txt.asc -~~	() ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-003.txt.asc -
References	~~() http://lwn.net/Alerts/34908/ -~~	() http://lwn.net/Alerts/34908/ -
References	~~() http://marc.info/?l=bugtraq&m=104680706201721&w=2 -~~	() http://marc.info/?l=bugtraq&m=104680706201721&w=2 -
References	~~() http://www.debian.org/security/2003/dsa-260 -~~	() http://www.debian.org/security/2003/dsa-260 -
References	~~() http://www.idefense.com/advisory/03.04.03.txt - Exploit, Patch, Vendor Advisory~~	() http://www.idefense.com/advisory/03.04.03.txt - Exploit, Patch, Vendor Advisory
References	~~() http://www.kb.cert.org/vuls/id/611865 - US Government Resource~~	() http://www.kb.cert.org/vuls/id/611865 - US Government Resource
References	~~() http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:030 -~~	() http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:030 -
References	~~() http://www.novell.com/linux/security/advisories/2003_017_file.html -~~	() http://www.novell.com/linux/security/advisories/2003_017_file.html -
References	~~() http://www.redhat.com/support/errata/RHSA-2003-086.html -~~	() http://www.redhat.com/support/errata/RHSA-2003-086.html -
References	~~() http://www.redhat.com/support/errata/RHSA-2003-087.html -~~	() http://www.redhat.com/support/errata/RHSA-2003-087.html -
References	~~() http://www.securityfocus.com/bid/7008 - Patch, Vendor Advisory~~	() http://www.securityfocus.com/bid/7008 - Patch, Vendor Advisory
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/11469 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/11469 -

Information

Published : 2003-03-18 05:00

Updated : 2024-11-20 23:43

NVD link : CVE-2003-0102

Mitre link : CVE-2003-0102

CVE.ORG link : CVE-2003-0102

JSON object : View

Products Affected

netbsd

netbsd

file

file

CWE

NVD-CWE-Other

4.6 /10