CVE-2003-1234: Integer Overflow
First published: Wed Dec 31 2003(Updated: )
Integer overflow in the f_count counter in FreeBSD before 4.2 through 5.0 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via multiple calls to (1) fpathconf and (2) lseek, which do not properly decrement f_count through a call to fdrop.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| FreeBSD Kernel | =3.1 | |
| FreeBSD Kernel | =2.2.5 | |
| FreeBSD Kernel | =4.6-release | |
| FreeBSD Kernel | =2.2.2 | |
| FreeBSD Kernel | =2.1.7 | |
| FreeBSD Kernel | =4.11 | |
| FreeBSD Kernel | =2.2.3 | |
| FreeBSD Kernel | =4.5-release | |
| FreeBSD Kernel | =1.1.5.1 | |
| FreeBSD Kernel | =2.1.6.1 | |
| FreeBSD Kernel | =2.2-current | |
| FreeBSD Kernel | =4.10-release | |
| FreeBSD Kernel | =4.10-release_p8 | |
| FreeBSD Kernel | =4.3-release | |
| FreeBSD Kernel | =4.4 | |
| FreeBSD Kernel | =4.9-releng | |
| FreeBSD Kernel | =4.11-releng | |
| FreeBSD Kernel | =2.1.0 | |
| FreeBSD Kernel | =2.2.4 | |
| FreeBSD Kernel | =3.2 | |
| FreeBSD Kernel | =4.10-releng | |
| FreeBSD Kernel | =4.11-release_p3 | |
| FreeBSD Kernel | =4.5 | |
| FreeBSD Kernel | =2.2 | |
| FreeBSD Kernel | =2.2.8 | |
| FreeBSD Kernel | =4.2 | |
| FreeBSD Kernel | =4.7 | |
| FreeBSD Kernel | =2.1.6 | |
| FreeBSD Kernel | =2.2.1 | |
| FreeBSD Kernel | =2.2.6 | |
| FreeBSD Kernel | =3.4 | |
| FreeBSD Kernel | =3.5 | |
| FreeBSD Kernel | =4.11-stable | |
| FreeBSD Kernel | =4.6 | |
| FreeBSD Kernel | =2.1.5 | |
| FreeBSD Kernel | =3.3 | |
| FreeBSD Kernel | =5.0 | |
| FreeBSD Kernel | =2.1.7.1 | |
| FreeBSD Kernel | =2.2.7 | |
| FreeBSD Kernel | =3.5.1-release | |
| FreeBSD Kernel | =4.10 | |
| FreeBSD Kernel | =4.3 | |
| FreeBSD Kernel | =4.7-release |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://archives.neohapsis.com/archives/bugtraq/2003-01/0057.html
- http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0006.html
- http://www.pine.nl/press/pine-cert-20030101.txt
- http://www.iss.net/security_center/static/10993.php
- http://www.securityfocus.com/bid/6524
- http://www.securitytracker.com/id?1005898
- http://secunia.com/advisories/7821
- http://www.securityfocus.com/archive/1/305308/30/26420/threaded
Frequently Asked Questions
What is the severity of CVE-2003-1234?
CVE-2003-1234 is classified as a moderate vulnerability that can lead to denial of service and potential arbitrary code execution.
How do I fix CVE-2003-1234?
To fix CVE-2003-1234, users should upgrade to a patched version of FreeBSD that addresses the integer overflow issue.
Which FreeBSD versions are affected by CVE-2003-1234?
CVE-2003-1234 affects multiple FreeBSD versions, including 2.1, 2.2, 4.2 through 5.0.
What type of attack can CVE-2003-1234 facilitate?
CVE-2003-1234 can facilitate a denial of service attack as well as potentially allow arbitrary code execution.
Who can exploit CVE-2003-1234?
CVE-2003-1234 can be exploited by local users who have access to the system running the affected FreeBSD versions.
- agent/references
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/author
- agent/remedy
- agent/last-modified-date
- agent/description
- agent/event
- agent/source
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/freebsd
- canonical/freebsd kernel
- version/freebsd kernel/3.1
- version/freebsd kernel/2.2.5
- version/freebsd kernel/4.6-release
- version/freebsd kernel/2.2.2
- version/freebsd kernel/2.1.7
- version/freebsd kernel/4.11
- version/freebsd kernel/2.2.3
- version/freebsd kernel/4.5-release
- version/freebsd kernel/1.1.5.1
- version/freebsd kernel/2.1.6.1
- version/freebsd kernel/2.2-current
- version/freebsd kernel/4.10-release
- version/freebsd kernel/4.10-release_p8
- version/freebsd kernel/4.3-release
- version/freebsd kernel/4.4
- version/freebsd kernel/4.9-releng
- version/freebsd kernel/4.11-releng
- version/freebsd kernel/2.1.0
- version/freebsd kernel/2.2.4
- version/freebsd kernel/3.2
- version/freebsd kernel/4.10-releng
- version/freebsd kernel/4.11-release_p3
- version/freebsd kernel/4.5
- version/freebsd kernel/2.2
- version/freebsd kernel/2.2.8
- version/freebsd kernel/4.2
- version/freebsd kernel/4.7
- version/freebsd kernel/2.1.6
- version/freebsd kernel/2.2.1
- version/freebsd kernel/2.2.6
- version/freebsd kernel/3.4
- version/freebsd kernel/3.5
- version/freebsd kernel/4.11-stable
- version/freebsd kernel/4.6
- version/freebsd kernel/2.1.5
- version/freebsd kernel/3.3
- version/freebsd kernel/5.0
- version/freebsd kernel/2.1.7.1
- version/freebsd kernel/2.2.7
- version/freebsd kernel/3.5.1-release
- version/freebsd kernel/4.10
- version/freebsd kernel/4.3
- version/freebsd kernel/4.7-release