Vulnerabilities > CVE-2003-0188
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
lv reads a .lv file from the current working directory, which allows local users to execute arbitrary commands as other lv users by placing malicious .lv files into other directories.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 4 | |
| Application | 4 | |
| OS | 5 |
Nessus
NASL family Debian Local Security Checks NASL id DEBIAN_DSA-304.NASL description Leonard Stiles discovered that lv, a multilingual file viewer, would read options from a configuration file in the current directory. Because such a file could be placed there by a malicious user, and lv configuration options can be used to execute commands, this represented a security vulnerability. An attacker could gain the privileges of the user invoking lv, including root. last seen 2020-06-01 modified 2020-06-02 plugin id 15141 published 2004-09-29 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/15141 title Debian DSA-304-1 : lv - privilege escalation code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-304. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(15141); script_version("1.21"); script_cvs_date("Date: 2019/08/02 13:32:17"); script_cve_id("CVE-2003-0188"); script_bugtraq_id(7613); script_xref(name:"DSA", value:"304"); script_name(english:"Debian DSA-304-1 : lv - privilege escalation"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "Leonard Stiles discovered that lv, a multilingual file viewer, would read options from a configuration file in the current directory. Because such a file could be placed there by a malicious user, and lv configuration options can be used to execute commands, this represented a security vulnerability. An attacker could gain the privileges of the user invoking lv, including root." ); script_set_attribute( attribute:"see_also", value:"http://www.debian.org/security/2003/dsa-304" ); script_set_attribute( attribute:"solution", value: "For the stable distribution (woody) this problem has been fixed in version 4.49.4-7woody2. For the old stable distribution (potato) this problem has been fixed in version 4.49.3-4potato2. We recommend that you update your lv package." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:lv"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:2.2"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.0"); script_set_attribute(attribute:"patch_publication_date", value:"2003/05/15"); script_set_attribute(attribute:"plugin_publication_date", value:"2004/09/29"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"2.2", prefix:"lv", reference:"4.49.3-4potato2")) flag++; if (deb_check(release:"3.0", prefix:"lv", reference:"4.49.4-7woody2")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2003-167.NASL description Updated lv packages that fix the possibility of local privilege escalation are now available. Lv is a powerful file viewer similar to less. It can decode and encode multilingual streams through many coding systems, such as ISO-8859, ISO-2022, EUC, SJIS Big5, HZ, and Unicode. A bug has been found in versions of lv that read a .lv file in the current working directory. Any user who subsequently runs lv in that directory and uses the v (edit) command can be forced to execute an arbitrary program. Users are advised to upgrade to these erratum packages, which contain a version of lv that is patched to read the .lv configuration file only in the user last seen 2020-06-01 modified 2020-06-02 plugin id 12395 published 2004-07-06 reporter This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/12395 title RHEL 2.1 : lv (RHSA-2003:167)
Oval
| accepted | 2007-04-25T19:52:30.316-04:00 | ||||||||||||
| class | vulnerability | ||||||||||||
| contributors |
| ||||||||||||
| description | lv reads a .lv file from the current working directory, which allows local users to execute arbitrary commands as other lv users by placing malicious .lv files into other directories. | ||||||||||||
| family | unix | ||||||||||||
| id | oval:org.mitre.oval:def:430 | ||||||||||||
| status | accepted | ||||||||||||
| submitted | 2003-08-19T12:00:00.000-04:00 | ||||||||||||
| title | Multilingual File Viewer .lv File Sneak Attack Vulnerability | ||||||||||||
| version | 36 |
Redhat
| advisories |
|