CVE-2003-0102

Severity

46%

Complexity

39%

Confidentiality

106%

Buffer overflow in tryelf() in readelf.c of the file command allows attackers to execute arbitrary code as the user running file, possibly via a large entity size value in an ELF header (elfhdr.e_shentsize).

Buffer overflow in tryelf() in readelf.c of the file command allows attackers to execute arbitrary code as the user running file, possibly via a large entity size value in an ELF header (elfhdr.e_shentsize).

CVSS 2.0 Base Score 4.6. CVSS Attack Vector: local. CVSS Attack Complexity: low. CVSS Vector: (AV:L/AC:L/Au:N/C:P/I:P/A:P).

Overview

Type

NetBSD

First reported 21 years ago

2003-03-18 05:00:00

Last updated 6 years ago

2018-05-03 01:29:00

Affected Software

NetBSD 1.5

1.5

NetBSD 1.5.1

1.5.1

NetBSD 1.5.2

1.5.2

NetBSD 1.5.3

1.5.3

NetBSD 1.6

1.6

References

NetBSD-SA2003-003

IMNX-2003-7+-012-01

20030304 iDEFENSE Security Advisory 03.04.03: Locally Exploitable Buffer Overflow in file(1)

DSA-260

http://www.idefense.com/advisory/03.04.03.txt

Exploit, Patch, Vendor Advisory

VU#611865

US Government Resource

MDKSA-2003:030

SuSE-SA:2003:017

RHSA-2003:086

RHSA-2003:087

7008

Patch, Vendor Advisory

file-afctr-read-bo(11469)

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.