CVE-2003-0102: Buffer Overflow
First published: Tue Mar 18 2003(Updated: )
Buffer overflow in tryelf() in readelf.c of the file command allows attackers to execute arbitrary code as the user running file, possibly via a large entity size value in an ELF header (elfhdr.e_shentsize).
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| file file | =3.28 | |
| file file | =3.30 | |
| file file | =3.32 | |
| file file | =3.33 | |
| file file | =3.34 | |
| file file | =3.35 | |
| file file | =3.36 | |
| file file | =3.37 | |
| file file | =3.39 | |
| file file | =3.40 | |
| NetBSD current | =1.5 | |
| NetBSD current | =1.5.1 | |
| NetBSD current | =1.5.2 | |
| NetBSD current | =1.5.3 | |
| NetBSD current | =1.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.idefense.com/advisory/03.04.03.txt
- http://www.securityfocus.com/bid/7008
- http://www.debian.org/security/2003/dsa-260
- http://lwn.net/Alerts/34908/
- http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:030
- http://www.novell.com/linux/security/advisories/2003_017_file.html
- http://www.redhat.com/support/errata/RHSA-2003-086.html
- http://www.redhat.com/support/errata/RHSA-2003-087.html
- http://www.kb.cert.org/vuls/id/611865
- http://marc.info/?l=bugtraq&m=104680706201721&w=2
- https://exchange.xforce.ibmcloud.com/vulnerabilities/11469
Frequently Asked Questions
What is the severity of CVE-2003-0102?
CVE-2003-0102 is classified as a high severity vulnerability due to its potential for arbitrary code execution.
How do I fix CVE-2003-0102?
To fix CVE-2003-0102, you should upgrade to the latest version of the file command that addresses this buffer overflow issue.
Which versions of the file command are affected by CVE-2003-0102?
CVE-2003-0102 affects file command versions 3.28, 3.30, 3.32, 3.33, 3.34, 3.35, 3.36, 3.37, 3.39, and 3.40.
How does CVE-2003-0102 exploit vulnerabilities in ELF headers?
CVE-2003-0102 exploits vulnerabilities through a buffer overflow triggered by a large entity size value in an ELF header.
What is the impact of CVE-2003-0102 on systems?
The impact of CVE-2003-0102 allows attackers to execute arbitrary code on the system as the user running the file command.
- agent/type
- agent/first-publish-date
- agent/remedy
- agent/weakness
- agent/severity
- agent/references
- agent/author
- agent/softwarecombine
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/file
- canonical/file file
- version/file file/3.28
- version/file file/3.30
- version/file file/3.32
- version/file file/3.33
- version/file file/3.34
- version/file file/3.35
- version/file file/3.36
- version/file file/3.37
- version/file file/3.39
- version/file file/3.40
- vendor/netbsd
- canonical/netbsd current
- version/netbsd current/1.5
- version/netbsd current/1.5.1
- version/netbsd current/1.5.2
- version/netbsd current/1.5.3
- version/netbsd current/1.6