Vulnerabilities > CVE-2003-0462
Attack vector
LOCAL Attack complexity
HIGH Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
A race condition in the way env_start and env_end pointers are initialized in the execve system call and used in fs/proc/base.c on Linux 2.4 allows local users to cause a denial of service (crash).
Vulnerable Configurations
Exploit-Db
| description | Linux 2.4 Kernel execve() System Call Race Condition Vulnerability. CVE-2003-0462. Local exploit for linux platform |
| id | EDB-ID:22840 |
| last seen | 2016-02-02 |
| modified | 2003-06-26 |
| published | 2003-06-26 |
| reporter | IhaQueR |
| source | https://www.exploit-db.com/download/22840/ |
| title | Linux Kernel 2.4 - execve System Call Race Condition Vulnerability |
Nessus
NASL family Debian Local Security Checks NASL id DEBIAN_DSA-358.NASL description A number of vulnerabilities have been discovered in the Linux kernel. - CAN-2003-0461: /proc/tty/driver/serial in Linux 2.4.x reveals the exact number of characters used in serial links, which could allow local users to obtain potentially sensitive information such as the length of passwords. This bug has been fixed by restricting access to /proc/tty/driver/serial. - CAN-2003-0462: A race condition in the way env_start and env_end pointers are initialized in the execve system call and used in fs/proc/base.c on Linux 2.4 allows local users to cause a denial of service (crash). - CAN-2003-0476: The execve system call in Linux 2.4.x records the file descriptor of the executable process in the file table of the calling process, which allows local users to gain read access to restricted file descriptors. - CAN-2003-0501: The /proc filesystem in Linux allows local users to obtain sensitive information by opening various entries in /proc/self before executing a setuid program, which causes the program to fail to change the ownership and permissions of those entries. - CAN-2003-0550: The STP protocol, as enabled in Linux 2.4.x, does not provide sufficient security by design, which allows attackers to modify the bridge topology. This bug has been fixed by disabling STP by default. - CAN-2003-0551: The STP protocol, as enabled in Linux 2.4.x, does not provide sufficient security by design, which allows attackers to modify the bridge topology. - CAN-2003-0552: Linux 2.4.x allows remote attackers to spoof the bridge forwarding table via forged packets whose source addresses are the same as the target. - CAN-2003-0018: Linux kernel 2.4.10 through 2.4.21-pre4 does not properly handle the O_DIRECT feature, which allows local attackers with write privileges to read portions of previously deleted files, or cause file system corruption. This bug has been fixed by disabling O_DIRECT. - CAN-2003-0619: Integer signedness error in the decode_fh function of nfs3xdr.c in Linux kernel before 2.4.21 allows remote attackers to cause a denial of service (kernel panic) via a negative size value within XDR data of an NFSv3 procedure call. This advisory covers only the i386 and alpha architectures. Other architectures will be covered by separate advisories. last seen 2020-06-01 modified 2020-06-02 plugin id 15195 published 2004-09-29 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/15195 title Debian DSA-358-4 : linux-kernel-2.4.18 - several vulnerabilities NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2003-074.NASL description Multiple vulnerabilities were discovered and fixed in the Linux kernel. - CVE-2003-0001: Multiple ethernet network card drivers do not pad frames with null bytes which allows remote attackers to obtain information from previous packets or kernel memory by using special malformed packets. - CVE-2003-0244: The route cache implementation in the 2.4 kernel and the Netfilter IP conntrack module allows remote attackers to cause a Denial of Service (DoS) via CPU consumption due to packets with forged source addresses that cause a large number of hash table collisions related to the PREROUTING chain. - CVE-2003-0246: The ioperm implementation in 2.4.20 and earlier kernels does not properly restrict privileges, which allows local users to gain read or write access to certain I/O ports. - CVE-2003-0247: A vulnerability in the TTY layer of the 2.4 kernel allows attackers to cause a kernel oops resulting in a DoS. - CVE-2003-0248: The mxcsr code in the 2.4 kernel allows attackers to modify CPU state registers via a malformed address. - CVE-2003-0462: A file read race existed in the execve() system call. Kernels for 9.1/x86 are also available (see MDKSA-2003:066). MandrakeSoft encourages all users to upgrade to these new kernels. For full instructions on how to properly upgrade your kernel, please review http://www.mandrakesecure.net/en/docs/magic.php. last seen 2020-06-01 modified 2020-06-02 plugin id 14057 published 2004-07-31 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/14057 title Mandrake Linux Security Advisory : kernel (MDKSA-2003:074) NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2003-066.NASL description Multiple vulnerabilities were discovered and fixed in the Linux kernel. - CVE-2003-0001: Multiple ethernet network card drivers do not pad frames with null bytes which allows remote attackers to obtain information from previous packets or kernel memory by using special malformed packets. - CVE-2003-0244: The route cache implementation in the 2.4 kernel and the Netfilter IP conntrack module allows remote attackers to cause a Denial of Service (DoS) via CPU consumption due to packets with forged source addresses that cause a large number of hash table collisions related to the PREROUTING chain. - CVE-2003-0246: The ioperm implementation in 2.4.20 and earlier kernels does not properly restrict privileges, which allows local users to gain read or write access to certain I/O ports. - CVE-2003-0247: A vulnerability in the TTY layer of the 2.4 kernel allows attackers to cause a kernel oops resulting in a DoS. - CVE-2003-0248: The mxcsr code in the 2.4 kernel allows attackers to modify CPU state registers via a malformed address. - CVE-2003-0462: A file read race existed in the execve() system call. As well, a number of bug fixes were made in the 9.1 kernel including : - Support for more machines that did not work with APIC - Audigy2 support - New/updated modules: prims25, adiusbadsl, thinkpad, ieee1394, orinoco, via-rhine, - Fixed SiS IOAPIC - IRQ balancing has been fixed for SMP - Updates to ext3 - The previous ptrace fix has been redone to work better - Bugs with compiling kernels using xconfig have been fixed - Problems with ipsec have been corrected - XFS ACLs are now present - gdb not working on XFS root filesystems has been fixed MandrakeSoft encourages all users to upgrade to these new kernels. Updated kernels will be available shortly for other supported platforms and architectures. For full instructions on how to properly upgrade your kernel, please review http://www.mandrakesecure.net/en/docs/magic.php. Update : The kernels provided in MDKSA-2003:066-1 (2.4.21-0.24mdk) had a problem where all files created on any filesystem other than XFS, and using any kernel other than kernel-secure, would be created with mode 0666, or world writeable. The 0.24mdk kernels have been removed from the mirrors and users are encouraged to upgrade and remove those kernels from their systems to prevent accidentally booting into them. That issue has been addressed and fixed with these new kernels. last seen 2020-06-01 modified 2020-06-02 plugin id 14049 published 2004-07-31 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/14049 title Mandrake Linux Security Advisory : kernel (MDKSA-2003:066-2) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-423.NASL description The IA-64 maintainers fixed several security related bugs in the Linux kernel 2.4.17 used for the IA-64 architecture, mostly by backporting fixes from 2.4.18. The corrections are listed below with the identification from the Common Vulnerabilities and Exposures (CVE) project : - CAN-2003-0001 : Multiple ethernet network interface card (NIC) device drivers do not pad frames with null bytes, which allows remote attackers to obtain information from previous packets or kernel memory by using malformed packets, as demonstrated by Etherleak. - CAN-2003-0018 : Linux kernel 2.4.10 through 2.4.21-pre4 does not properly handle the O_DIRECT feature, which allows local attackers with write privileges to read portions of previously deleted files, or cause file system corruption. - CAN-2003-0127 : The kernel module loader in Linux kernel 2.2.x before 2.2.25, and 2.4.x before 2.4.21, allows local users to gain root privileges by using ptrace to attach to a child process which is spawned by the kernel. - CAN-2003-0461 : The virtual file /proc/tty/driver/serial in Linux 2.4.x reveals the exact number of characters used in serial links, which could allow local users to obtain potentially sensitive information such as the length of passwords. - CAN-2003-0462 : A race condition in the way env_start and env_end pointers are initialized in the execve system call and used in fs/proc/base.c on Linux 2.4 allows local users to cause a denial of service (crash). - CAN-2003-0476 : The execve system call in Linux 2.4.x records the file descriptor of the executable process in the file table of the calling process, which allows local users to gain read access to restricted file descriptors. - CAN-2003-0501 : The /proc filesystem in Linux allows local users to obtain sensitive information by opening various entries in /proc/self before executing a setuid program, which causes the program to fail to change the ownership and permissions of those entries. - CAN-2003-0550 : The STP protocol, as enabled in Linux 2.4.x, does not provide sufficient security by design, which allows attackers to modify the bridge topology. - CAN-2003-0551 : The STP protocol implementation in Linux 2.4.x does not properly verify certain lengths, which could allow attackers to cause a denial of service. - CAN-2003-0552 : Linux 2.4.x allows remote attackers to spoof the bridge Forwarding table via forged packets whose source addresses are the same as the target. - CAN-2003-0961 : An integer overflow in brk system call (do_brk function) for Linux kernel 2.4.22 and earlier allows local users to gain root privileges. - CAN-2003-0985 : The mremap system call (do_mremap) in Linux kernel 2.4 and 2.6 does not properly perform boundary checks, which allows local users to cause a denial of service and possibly gain privileges by causing a remapping of a virtual memory area (VMA) to create a zero length VMA. last seen 2020-06-01 modified 2020-06-02 plugin id 15260 published 2004-09-29 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/15260 title Debian DSA-423-1 : linux-kernel-2.4.17-ia64 - several vulnerabilities NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2003-239.NASL description Updated kernel packages that address various security vulnerabilities are now available for Red Hat Enterprise Linux. The Linux kernel handles the basic functions of the operating system. Security issues have been found that affect the versions of the Linux kernel shipped with Red Hat Enterprise Linux : CVE-2003-0462: Paul Starzetz discovered a file read race condition existing in the execve() system call, which could cause a local crash. CVE-2003-0501: The /proc filesystem in Linux allows local users to obtain sensitive information by opening various entries in /proc/self before executing a setuid program. This causes the program to fail to change the ownership and permissions of already opened entries. CVE-2003-0550: The STP protocol is known to have no security, which could allow attackers to alter the bridge topology. STP is now turned off by default. CVE-2003-0551: STP input processing was lax in its length checking, which could lead to a denial of service (DoS). CVE-2003-0552: Jerry Kreuscher discovered that the Forwarding table could be spoofed by sending forged packets with bogus source addresses the same as the local host. CVE-2003-0619: An integer signedness error in the decode_fh function of nfs3xdr.c allows remote attackers to cause a denial of service (kernel panic) via a negative size value within XDR data of an NFSv3 procedure call. CVE-2003-0699: The C-Media PCI sound driver in Linux kernel versions prior to 2.4.21 accesses userspace without using the get_user function, which is a potential security hole. All users are advised to upgrade to these erratum packages, which contain backported security patches correcting these vulnerabilities. last seen 2020-06-01 modified 2020-06-02 plugin id 12410 published 2004-07-06 reporter This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/12410 title RHEL 2.1 : kernel (RHSA-2003:239)
Oval
| accepted | 2007-04-25T19:52:26.586-04:00 | ||||||||||||
| class | vulnerability | ||||||||||||
| contributors |
| ||||||||||||
| description | A race condition in the way env_start and env_end pointers are initialized in the execve system call and used in fs/proc/base.c on Linux 2.4 allows local users to cause a denial of service (crash). | ||||||||||||
| family | unix | ||||||||||||
| id | oval:org.mitre.oval:def:309 | ||||||||||||
| status | accepted | ||||||||||||
| submitted | 2003-09-26T12:00:00.000-04:00 | ||||||||||||
| title | Linux Kernel execve Race Condition Vulnerability | ||||||||||||
| version | 38 |
Redhat
| advisories |
|
References
- http://www.debian.org/security/2004/dsa-358
- http://www.debian.org/security/2004/dsa-423
- http://www.redhat.com/support/errata/RHSA-2003-198.html
- http://www.redhat.com/support/errata/RHSA-2003-238.html
- http://www.redhat.com/support/errata/RHSA-2003-239.html
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A309