Moderate

CVE-2003-0102 - Unspecified vulnerability in multiple products

Publication: 2003-03-18
Summary

Buffer overflow in tryelf() in readelf.c of the file command allows attackers to execute arbitrary code as the user running file, possibly via a large entity size value in an ELF header (elfhdr.e_shentsize).

Risk level (CVSS 4.6)

Moderate

4.6

Access Vector

  • Network
  • Adjacent Network
  • Local

Access Complexity

  • Low
  • Medium
  • High

Authentication

  • None
  • Single
  • Multiple

Confident. Impact

  • Complete
  • Partial
  • None

Integrity Impact

  • Complete
  • Partial
  • None

Affected Products

  • Netbsd Netbsd 1.5
  • Netbsd Netbsd 1.5.1
  • Netbsd Netbsd 1.5.2
  • Netbsd Netbsd 1.5.3
  • Netbsd Netbsd 1.6
  • File File 3.28
  • File File 3.30
  • File File 3.32
  • File File 3.33
  • File File 3.34
  • File File 3.35
  • File File 3.36
  • File File 3.37
  • File File 3.39
  • File File 3.40