Candidate: CVE-2003-0476
References:
 BUGTRAQ:20030626 Linux 2.4.x execve() file read race vulnerability
 URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105664924024009&w=2
 MANDRAKE:MDKSA-2003:074
 URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:074
 REDHAT:RHSA-2003:238
 URL:http://www.redhat.com/support/errata/RHSA-2003-238.html
 REDHAT:RHSA-2003:368
 URL:http://www.redhat.com/support/errata/RHSA-2003-368.html
 REDHAT:RHSA-2003:408
 URL:http://www.redhat.com/support/errata/RHSA-2003-408.html
 SUSE:SuSE-SA:2003:034
 DEBIAN:DSA-358
 URL:http://www.debian.org/security/2004/dsa-358
 DEBIAN:DSA-423
 URL:http://www.debian.org/security/2004/dsa-423
 OVAL:OVAL327
 URL:http://oval.mitre.org/oval/definitions/data/oval327.html
Description:
 The execve system call in Linux 2.4.x records the file descriptor of the
 executable process in the file table of the calling process, which allows
 local users to gain read access to restricted file descriptors.
Notes:
Bugs:
upstream: released (2.4.22-pre4, 2.6.1)
linux-2.6: N/A
2.6.8-sarge-security: N/A
2.4.27-sarge-security: N/A
2.4.19-woody-security: released (2.4.19-4.woody3)
2.4.18-woody-security: released (2.4.18-10)
2.4.17-woody-security: released (2.4.17-1woody4)
2.4.16-woody-security: released (2.4.16-1woody3)
2.4.17-woody-security-hppa: released (32.5)
2.4.17-woody-security-ia64: released (011226.14.1)
2.4.18-woody-security-hppa: released (62.4)