CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0CVE-2003-0465
https://notcve.org/view.php?id=CVE-2003-0465
The kernel strncpy function in Linux 2.4 and 2.5 does not %NUL pad the buffer on architectures other than x86, as opposed to the expected behavior of strncpy as implemented in libc, which could lead to information leaks. La función del kernel strncpy en Linux 2.4 y 2.5 no rellena con %NUL el búfer de otra arquitectura que no sea x86, opuestamente a la conducta esperada de la strncpy implementada en libc, lo que podría llevar a fugas de información. • http://marc.info/?l=linux-kernel&m=105796021120436&w=2 http://marc.info/?l=linux-kernel&m=105796415223490&w=2 http://www.redhat.com/support/errata/RHSA-2004-188.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10285 https://access.redhat.com/security/cve/CVE-2003-0465 https://bugzilla.redhat.com/show_bug.cgi?id=1617040 •
CVSS: 2.1EPSS: 0%CPEs: 1EXPL: 1CVE-2003-0501 – Linux Kernel 2.2.x/2.4.x - '/proc' Filesystem Information Disclosure
https://notcve.org/view.php?id=CVE-2003-0501
The /proc filesystem in Linux allows local users to obtain sensitive information by opening various entries in /proc/self before executing a setuid program, which causes the program to fail to change the ownership and permissions of those entries. El sistema de ficheros /proc de Linux permite a usuarios locales obtener información sensible abriendo varias entradas en /proc/self antes de ejecutar algún programa con setuid, lo que hace que el programa no consiga cambiar al propietario y los permisos de ese fichero. • https://www.exploit-db.com/exploits/22813 http://marc.info/?l=bugtraq&m=105621758104242 http://www.debian.org/security/2004/dsa-358 http://www.debian.org/security/2004/dsa-423 http://www.redhat.com/support/errata/RHSA-2003-198.html http://www.redhat.com/support/errata/RHSA-2003-238.html http://www.redhat.com/support/errata/RHSA-2003-239.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A328 https://access.redhat.com/security/ •
CVSS: 2.1EPSS: 0%CPEs: 1EXPL: 0CVE-2003-0476
https://notcve.org/view.php?id=CVE-2003-0476
The execve system call in Linux 2.4.x records the file descriptor of the executable process in the file table of the calling process, which allows local users to gain read access to restricted file descriptors. La llamada del sistema execve en Linux 2.4.x registra el descriptor de fichero del proceso ejecutable en la tabla de ficheros del proceso llamante, lo que permite a usuarios locales ganar acceso de lectrura a descriptores de fichero restringidos. • http://marc.info/?l=bugtraq&m=105664924024009&w=2 http://www.debian.org/security/2004/dsa-358 http://www.debian.org/security/2004/dsa-423 http://www.mandriva.com/security/advisories?name=MDKSA-2003:074 http://www.redhat.com/support/errata/RHSA-2003-238.html http://www.redhat.com/support/errata/RHSA-2003-368.html http://www.redhat.com/support/errata/RHSA-2003-408.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A327 https:// •
CVSS: 5.0EPSS: 0%CPEs: 40EXPL: 1CVE-2003-0418
https://notcve.org/view.php?id=CVE-2003-0418
The Linux 2.0 kernel IP stack does not properly calculate the size of an ICMP citation, which causes it to include portions of unauthorized memory in ICMP error responses. La pila IP del kernel de Linux 2.0 no calcula adecuadamente el tamaño de una petición ICMP, lo que hace que incluya porciones de memoria no autorizada en respuestas de error ICMP. • http://marc.info/?l=bugtraq&m=105519179005065&w=2 http://www.cartel-securite.fr/pbiondi/adv/CARTSA-20030314-icmpleak.txt http://www.kb.cert.org/vuls/id/471084 •
CVSS: 3.6EPSS: 0%CPEs: 91EXPL: 0CVE-2003-0246
https://notcve.org/view.php?id=CVE-2003-0246
The ioperm system call in Linux kernel 2.4.20 and earlier does not properly restrict privileges, which allows local users to gain read or write access to certain I/O ports. La llamada al sistema ioperm en los Kernels de Linux anteriores al 2.4.20 no restringe apropiadamente los privilegios, lo que permite que usuarios locales obtengan permisos de lectura o escritura sobre ciertos puertos. • http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0076.html http://marc.info/?l=bugtraq&m=105301461726555&w=2 http://www.debian.org/security/2003/dsa-311 http://www.debian.org/security/2003/dsa-312 http://www.debian.org/security/2003/dsa-332 http://www.debian.org/security/2003/dsa-336 http://www.debian.org/security/2004/dsa-442 http://www.mandriva.com/security/advisories?name=MDKSA-2003:066 http://www.mandriva.com/security/advisories?name=MDKSA-2003:074 h •