| Vulnerability Name: | CVE-2003-0019 (CCN-11276) | ||||||||
| Assigned: | 2003-02-07 | ||||||||
| Published: | 2003-02-07 | ||||||||
| Updated: | 2008-09-11 | ||||||||
| Summary: | uml_net in the kernel-utils package for Red Hat Linux 8.0 has incorrect setuid root privileges, which allows local users to modify network interfaces, e.g. by modifying ARP entries or placing interfaces into promiscuous mode. | ||||||||
| CVSS v3 Severity: | 9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
| ||||||||
| CVSS v2 Severity: | 7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Gain Privileges | ||||||||
| References: | Source: MITRE Type: CNA CVE-2003-0019 Source: CCN Type: RHSA-2003-056 Updated kernel-utils packages fix setuid vulnerability Source: CCN Type: CIAC Information Bulletin N-044 Red Hat Updated kernel-utils Packages Fix setuid Vulnerability Source: CIAC Type: UNKNOWN N-044 Source: XF Type: Patch, Vendor Advisory linux-umlnet-gain-privileges(11276) Source: CCN Type: US-CERT VU#134025 kernel-utils sets insecure permissions on uml_net utility Source: CERT-VN Type: US Government Resource VU#134025 Source: CCN Type: OSVDB ID: 4926 Red Hat Linux kernel_utils uml_net Overflow Source: REDHAT Type: Patch, Vendor Advisory RHSA-2003:056 Source: BID Type: UNKNOWN 6801 Source: CCN Type: BID-6801 Red Hat Linux User Mode Linux SetUID Installation Vulnerability Source: XF Type: UNKNOWN linux-umlnet-gain-privileges(11276) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||