CVE-2003-0102 : Buffer overflow in tryelf() in readelf.c of the file command allows attackers to

Buffer overflow in tryelf() in readelf.c of the file command allows attackers to execute arbitrary code as the user running file, possibly via a large entity size value in an ELF header (elfhdr.e_shentsize).

Published 2003-03-18 05:00:00

Updated 2018-05-03 01:29:19

Source MITRE

View at NVD, CVE.org

Vulnerability category: OverflowExecute code

Products affected by CVE-2003-0102

Netbsd » Netbsd » Version: 1.5
cpe:2.3:o:netbsd:netbsd:1.5:*:*:*:*:*:*:*
Matching versions
Netbsd » Netbsd » Version: 1.5.1
cpe:2.3:o:netbsd:netbsd:1.5.1:*:*:*:*:*:*:*
Matching versions
Netbsd » Netbsd » Version: 1.5.2
cpe:2.3:o:netbsd:netbsd:1.5.2:*:*:*:*:*:*:*
Matching versions
Netbsd » Netbsd » Version: 1.5.3
cpe:2.3:o:netbsd:netbsd:1.5.3:*:*:*:*:*:*:*
Matching versions
Netbsd » Netbsd » Version: 1.6
cpe:2.3:o:netbsd:netbsd:1.6:*:*:*:*:*:*:*
Matching versions
File » File » Version: 3.30
cpe:2.3:a:file:file:3.30:*:*:*:*:*:*:*
Matching versions
File » File » Version: 3.32
cpe:2.3:a:file:file:3.32:*:*:*:*:*:*:*
Matching versions
File » File » Version: 3.28
cpe:2.3:a:file:file:3.28:*:*:*:*:*:*:*
Matching versions
File » File » Version: 3.37
cpe:2.3:a:file:file:3.37:*:*:*:*:*:*:*
Matching versions
File » File » Version: 3.39
cpe:2.3:a:file:file:3.39:*:*:*:*:*:*:*
Matching versions
File » File » Version: 3.40
cpe:2.3:a:file:file:3.40:*:*:*:*:*:*:*
Matching versions
File » File » Version: 3.33
cpe:2.3:a:file:file:3.33:*:*:*:*:*:*:*
Matching versions
File » File » Version: 3.34
cpe:2.3:a:file:file:3.34:*:*:*:*:*:*:*
Matching versions
File » File » Version: 3.35
cpe:2.3:a:file:file:3.35:*:*:*:*:*:*:*
Matching versions
File » File » Version: 3.36
cpe:2.3:a:file:file:3.36:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2003-0102

EPSS FAQ

0.78%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 81 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2003-0102

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
4.6	MEDIUM	AV:L/AC:L/Au:N/C:P/I:P/A:P	3.9	6.4	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

References for CVE-2003-0102

http://www.redhat.com/support/errata/RHSA-2003-086.html

Support
http://www.novell.com/linux/security/advisories/2003_017_file.html

404 Page Not Found | SUSE
http://www.kb.cert.org/vuls/id/611865

VU#611865 - Automatic File Content Type Recognition Tool vulnerable to stack overflow
US Government Resource
http://www.debian.org/security/2003/dsa-260

Debian -- The Universal Operating System
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:030
http://www.idefense.com/advisory/03.04.03.txt

U.S. | Let There Be Change | Accenture
Exploit;Patch;Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2003-087.html

Support
http://marc.info/?l=bugtraq&m=104680706201721&w=2

'iDEFENSE Security Advisory 03.04.03: Locally Exploitable Buffer Overflow in file(1)' - MARC
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-003.txt.asc
http://www.securityfocus.com/bid/7008

Patch;Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/11469

file(1) AFCTR tool read() buffer overflow CVE-2003-0102 Vulnerability Report
http://lwn.net/Alerts/34908/

Immunix alert IMNX-2003-7+-012-01 (file) [LWN.net]

Jump to

Vulnerability Details : CVE-2003-0102

Products affected by CVE-2003-0102

Exploit prediction scoring system (EPSS) score for CVE-2003-0102

CVSS scores for CVE-2003-0102

References for CVE-2003-0102