CVE-2003-0464

The RPC code in Linux kernel 2.4 sets the reuse flag when sockets are created, which could allow local users to bind to UDP ports that are used by privileged services such as nfsd.

CVSS v2.0 4.6 MEDIUM

4.6^/10

CVSS v2.0 : MEDIUM

Vector : AV:L/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 3.9 / Impact : 6.4

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.redhat.com/support/errata/RHSA-2003-238.html	Patch Vendor Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A311

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:redhat:linux:7.1:::::::*
	cpe:2.3:o:redhat:linux:7.2:::::::*
	cpe:2.3:o:redhat:linux:7.3:::::::*
	cpe:2.3:o:redhat:linux:8.0:::::::*
	cpe:2.3:o:redhat:linux:9.0:::::::*

History

No history.

Information

Published : 2003-08-27 04:00

Updated : 2024-02-04 16:31

NVD link : CVE-2003-0464

Mitre link : CVE-2003-0464

CVE.ORG link : CVE-2003-0464

JSON object : View

Products Affected

redhat

linux

CWE

NVD-CWE-Other

{"id": "CVE-2003-0464", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2003-08-27T04:00:00.000", "references": [{"url": "http://www.redhat.com/support/errata/RHSA-2003-238.html", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A311", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "The RPC code in Linux kernel 2.4 sets the reuse flag when sockets are created, which could allow local users to bind to UDP ports that are used by privileged services such as nfsd."}, {"lang": "es", "value": "El c\u00f3digo RPC en el kernel 2.4 de Linux establece la bandera de reusar cuando se crean sockets, lo que podr\u00eda permitir a usuarios locales atar puertos UDP usados por servicios privilegiados como nfsd."}], "lastModified": "2018-05-03T01:29:20.333", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:redhat:linux:7.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1D46E093-1C68-43BB-B281-12117EC8DE0F"}, {"criteria": "cpe:2.3:o:redhat:linux:7.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E562907F-D915-4030-847A-3C6834A80D4E"}, {"criteria": "cpe:2.3:o:redhat:linux:7.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "138985E6-5107-4E8B-A801-C3D5FE075227"}, {"criteria": "cpe:2.3:o:redhat:linux:8.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "038FEDE7-986F-4CA5-9003-BA68352B87D4"}, {"criteria": "cpe:2.3:o:redhat:linux:9.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E66F7BF0-EF7C-4695-9D67-7C1A01C6F9B9"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}