Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2003-0476

Overview

Vulnerability Score 2.1 2.1
CVE Id CVE-2003-0476
Last Modified 10 Sep 2008 03:19:07
Published 07 Aug 2003 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2003-0476

Summary

The execve system call in Linux 2.4.x records the file descriptor of the executable process in the file table of the calling process, which allows local users to gain read access to restricted file descriptors.

Vulnerable Systems

Operating System

  • Linux Kernel 2.4.0


References

REDHAT - RHSA-2003:368

DEBIAN - DSA-423

REDHAT - RHSA-2003:408

REDHAT - RHSA-2003:238

DEBIAN - DSA-358

MANDRAKE - MDKSA-2003:074

BUGTRAQ - 20030626 Linux 2.4.x execve() file read race vulnerability


Last Updated: 27 May 2016 10:37:56