PT-2003-1587 · Linux · Linux-Atm

Angelo Rosiello · Published 2003-06-10 · Updated 2017-07-11 · CVE-2003-0396

CVSS v2.0: 4.6 (Medium)

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: linux-atm versions prior to 2.4.1
Description: The issue is a buffer overflow in the les utility for ATM on Linux. Local users can exploit it to gain privileges when the les utility is installed setuid and is given a long -f command line argument.
Recommendations: For versions prior to 2.4.1, update to version 2.4.1 or later to resolve the issue. As a temporary workaround, consider removing the setuid bit from the les utility to prevent local users from exploiting the buffer overflow.
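
The temporary workaround above can be checked and applied with a short script. This is an added example, not part of the advisory or of linux-atm; the function names and the list of directories searched for `les` are assumptions.

```shell
#!/bin/sh
# Added example: audit the setuid bit on the linux-atm "les" binary.
# Function names and the searched directories are assumptions.

# is_setuid FILE: true if FILE is a regular file with the setuid bit set.
is_setuid() {
    [ -f "$1" ] && [ -u "$1" ]
}

# audit_les FILE [--fix]: print one status word and return
#   0 = not setuid (or bit removed), 1 = still setuid, 2 = file missing.
# Without --fix nothing on disk is changed.
audit_les() {
    target=$1
    mode=${2:-report}
    if [ ! -f "$target" ]; then
        echo "missing"; return 2
    fi
    if ! is_setuid "$target"; then
        echo "ok"; return 0
    fi
    if [ "$mode" = "--fix" ]; then
        chmod u-s "$target" 2>/dev/null
        # Re-check instead of trusting chmod's exit status.
        if is_setuid "$target"; then echo "setuid"; return 1; fi
        echo "fixed"; return 0
    fi
    echo "setuid"; return 1
}

# find_les: list files named "les" on PATH and in the usual sbin
# directories (assumed install locations). Runs in a subshell so the
# IFS and globbing changes do not leak into the caller.
find_les() (
    IFS=:
    set -f
    for dir in $PATH /usr/local/sbin /usr/sbin /sbin; do
        [ -f "$dir/les" ] && echo "$dir/les"
    done | sort -u
)

# Report on the paths given as arguments, or on every "les" found.
[ "$#" -gt 0 ] || set -- $(find_les)
for f in "$@"; do
    printf '%s: %s\n' "$f" "$(audit_les "$f")"
done
```

The script only reports by default; calling `audit_les /path/to/les --fix` as root removes the bit, which is a stopgap until linux-atm 2.4.1 or later is installed.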


Related Identifiers

CVE-2003-0396

Affected Products

Linux-Atm