Vulnerability Name: CVE-2003-0102 (CCN-11469)
Assigned: 2003-03-04
Published: 2003-03-04
Updated: 2018-05-03
Summary: Buffer overflow in tryelf() in readelf.c of the file command allows attackers to execute arbitrary code as the user running file, possibly via a large entity size value in an ELF header (elfhdr.e_shentsize).
CVSS v3 Severity: 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
CVSS v2 Severity: 4.6 Medium (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)
Vulnerability Type: CWE-Other
Vulnerability Consequences: Gain Privileges
References:
Source: CCN Type: NetBSD Security Advisory 2003-003 Buffer Overflow in file(1)
Source: NETBSD Type: UNKNOWN NetBSD-SA2003-003
Source: CCN Type: SCO Security Advisory CSSA-2003-018.0 OpenLinux: file command buffer overflow
Source: MITRE Type: CNA CVE-2003-0102
Source: CCN Type: Freshmeat.net Web site file
Source: IMMUNIX Type: UNKNOWN IMNX-2003-7+-012-01
Source: BUGTRAQ Type: UNKNOWN 20030304 iDEFENSE Security Advisory 03.04.03: Locally Exploitable Buffer Overflow in file(1)
Source: CCN Type: RHSA-2003-086 Updated file packages fix vulnerability
Source: CCN Type: RHSA-2003-087 file security update
Source: CCN Type: Sun Alert ID: 56040 Sun Linux Vulnerability in "file" Utility May Allow a Local Unprivileged User to Execute Arbitrary Code
Source: DEBIAN Type: UNKNOWN DSA-260
Source: DEBIAN Type: DSA-260 file -- buffer overflow
Source: MISC Type: Exploit, Patch, Vendor Advisory http://www.idefense.com/advisory/03.04.03.txt
Source: CCN Type: US-CERT VU#611865 Automatic File Content Type Recognition Tool vulnerable to stack overflow
Source: CERT-VN Type: US Government Resource VU#611865
Source: CCN Type: EnGarde Secure Linux Security Advisory ESA-20030307-008 ELF parsing routine buffer overflow vulnerability.
Source: CCN Type: Immunix OS Security Advisory IMNX-2003-7+-012-01 file
Source: MANDRAKE Type: UNKNOWN MDKSA-2003:030
Source: SUSE Type: UNKNOWN SuSE-SA:2003:017
Source: REDHAT Type: UNKNOWN RHSA-2003:086
Source: REDHAT Type: UNKNOWN RHSA-2003:087
Source: BID Type: Patch, Vendor Advisory 7008
Source: CCN Type: BID-7008 File Local Stack Overflow Code Execution Vulnerability
Source: XF Type: UNKNOWN file-afctr-read-bo(11469)
Source: CCN Type: iDEFENSE Security Advisory 03.04.03 Locally Exploitable Buffer Overflow in file(1)
Source: SUSE Type: SUSE-SA:2003:017 file: remote system compromise