Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 4.6
CVE Id: CVE-2003-0102
Last Modified: 10 Sep 2008 03:17:56
Published: 18 Mar 2003 12:00:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE

CVE-2003-0102

Summary

Buffer overflow in tryelf() in readelf.c of the file command allows attackers to execute arbitrary code as the user running file, possibly via a large entity size value in an ELF header (elfhdr.e_shentsize).

Vulnerable Systems

Operating System

  • Netbsd 1.5

  • Netbsd 1.5.1

  • Netbsd 1.5.2

  • Netbsd 1.5.3

  • Netbsd 1.6

Application

  • File 3.28

  • File 3.30

  • File 3.32

  • File 3.33

  • File 3.34

  • File 3.35

  • File 3.36

  • File 3.37

  • File 3.39

  • File 3.40


References

CERT-VN - VU#611865

BID - 7008

MISC - http://www.idefense.com/advisory/03.04.03.txt

XF - file-afctr-read-bo(11469)

REDHAT - RHSA-2003:087

REDHAT - RHSA-2003:086

SUSE - SuSE-SA:2003:017

MANDRAKE - MDKSA-2003:030

DEBIAN - DSA-260

BUGTRAQ - 20030304 iDEFENSE Security Advisory 03.04.03: Locally Exploitable Buffer Overflow in file(1)

IMMUNIX - IMNX-2003-7+-012-01

NETBSD - NetBSD-SA2003-003


Last Updated: 27 May 2016 10:37:47