Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2003-1399

Overview

Vulnerability Score 1.9 1.9
CVE Id CVE-2003-1399
Last Modified 05 Sep 2008 04:36:50
Published 31 Dec 2003 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector LOCAL
Access Complexity MEDIUM
Authentication NONE

CVE-2003-1399

Summary

eject 2.0.10, when installed setuid on systems such as SuSE Linux 7.3, generates different error messages depending on whether a specified file exists or not, which allows local users to obtain sensitive information.

Vulnerable Systems

Application

  • Eject 2.0.10

  • Eject 2.0.11

  • Eject 2.0.12


References

BID - 6914

XF - linux-eject-information-disclosure(11380)

BUGTRAQ - 20030222 eject 2.0.10 vulnerability


Last Updated: 27 May 2016 10:38:20