PT-2003-1581 · Opt · Options Parsing Tool

Published

2003-06-10

Updated

2016-10-18

CVE-2003-0390

CVSS v2.0

4.6

Medium

Vector

AV:L/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: Options Parsing Tool (OPT) shared library versions 3.18 and earlier

Description: The issue is related to multiple buffer overflows in the OPT shared library. When used in setuid programs, local users may be able to execute arbitrary code via long command line options that are fed into macros such as opt warn 2, as used in functions such as opt atoi().

Recommendations: For Options Parsing Tool (OPT) shared library versions 3.18 and earlier, consider updating to a version later than 3.18 to resolve the issue. As a temporary workaround, consider restricting the use of the OPT shared library in setuid programs to minimize the risk of exploitation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2003-0390

Affected Products

Options Parsing Tool

PT-2003-1581 · Opt · Options Parsing Tool

CVE-2003-0390

Related Identifiers

Affected Products

References · 9