blob: 03d471c1a5cf69444c91a2928fed5763e17d6bca (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
|
Candidate: CVE-2003-0476
References:
BUGTRAQ:20030626 Linux 2.4.x execve() file read race vulnerability
URL:http://marc.theaimsgroup.com/?l=bugtraq&m=105664924024009&w=2
MANDRAKE:MDKSA-2003:074
URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:074
REDHAT:RHSA-2003:238
URL:http://www.redhat.com/support/errata/RHSA-2003-238.html
REDHAT:RHSA-2003:368
URL:http://www.redhat.com/support/errata/RHSA-2003-368.html
REDHAT:RHSA-2003:408
URL:http://www.redhat.com/support/errata/RHSA-2003-408.html
SUSE:SuSE-SA:2003:034
DEBIAN:DSA-358
URL:http://www.debian.org/security/2004/dsa-358
DEBIAN:DSA-423
URL:http://www.debian.org/security/2004/dsa-423
OVAL:OVAL327
URL:http://oval.mitre.org/oval/definitions/data/oval327.html
Description:
The execve system call in Linux 2.4.x records the file
descriptor of the executable process in the file table of the
calling process, which allows local users to gain read access to
restricted file descriptors.
Notes:
Bugs:
upstream: released (2.4.22-pre4, 2.6.1)
linux-2.6: N/A
2.6.8-sarge-security: N/A
2.4.27-sarge-security: N/A
2.4.19-woody-security: released (2.4.19-4.woody3)
2.4.18-woody-security: released (2.4.18-10)
2.4.17-woody-security: released (2.4.17-1woody4)
2.4.16-woody-security: released (2.4.16-1woody3)
2.4.17-woody-security-hppa: released (32.5)
2.4.17-woody-security-ia64: released (011226.14.1)
2.4.18-woody-security-hppa: released (62.4)
|