CVE-2003-0476

Severity

21%

Complexity

39%

Confidentiality

48%

The execve system call in Linux 2.4.x records the file descriptor of the executable process in the file table of the calling process, which allows local users to gain read access to restricted file descriptors.

The execve system call in Linux 2.4.x records the file descriptor of the executable process in the file table of the calling process, which allows local users to gain read access to restricted file descriptors.

CVSS 2.0 Base Score 2.1. CVSS Attack Vector: local. CVSS Attack Complexity: low. CVSS Vector: (AV:L/AC:L/Au:N/C:P/I:N/A:N).

Overview

First reported 21 years ago

2003-08-07 04:00:00

Last updated 6 years ago

2018-05-03 01:29:00

Affected Software

Linux Kernel 2.4.0

2.4.0

References

20030626 Linux 2.4.x execve() file read race vulnerability

DSA-358

DSA-423

Patch, Vendor Advisory

MDKSA-2003:074

RHSA-2003:238

RHSA-2003:368

Patch, Vendor Advisory

RHSA-2003:408

oval:org.mitre.oval:def:327

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.