PT-2003-1092 · Red Hat+1 · Red Hat+1

Paul Starzetz · Published 2003-05-22 · Updated 2018-05-03 · CVE-2003-0476

CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Linux kernel versions 2.4.x
Red Hat Linux kernel versions 2.4.20

Description

The issue affects the Linux kernel and Red Hat Linux, allowing for potential exploitation that could compromise confidentiality, integrity, and availability of protected information. This can be exploited remotely. A specific concern is with the execve system call in Linux 2.4.x, which records the file descriptor of the executable process in the file table of the calling process. This allows local users to gain read access to restricted file descriptors.

Recommendations

For Linux kernel version 2.4.x, consider updating to a version that addresses these vulnerabilities. For Red Hat Linux kernel version 2.4.20, consider updating to a version that addresses these vulnerabilities. As a temporary workaround, consider restricting access to sensitive areas of the system to minimize the risk of exploitation.

Fix

Related Identifiers

BDU:2015-08108
BDU:2015-08110
BDU:2015-08112
BDU:2015-08116
BDU:2015-08126
BDU:2015-08129
CVE-2003-0476
DSA-358
DSA-423

Affected Products

Linux Kernel
Red Hat