Main Vulnerability Database SB2002081205

SB2002081205 - Resource management errors in Linux kernel

Published: August 12, 2002 Updated: August 9, 2024

Security Bulletin ID SB2002081205

CSH Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 vulnerability.

1) Resource management errors (CVE-ID: CVE-2002-0499)

CWE-ID: CWE-399 - Resource Management Errors

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/U:Clear

The vulnerability allows a local user to corrupt data.

The d_path function in Linux kernel 2.2.20 and earlier, and 2.4.18 and earlier, truncates long pathnames without generating an error, which could allow local users to force programs to perform inappropriate operations on the wrong directories.

Remediation

Install update from vendor's website.

References

http://archives.neohapsis.com/archives/vulnwatch/2002-q1/0074.html
http://www.cs.helsinki.fi/linux/linux-kernel/2002-13/0054.html
http://www.iss.net/security_center/static/8634.php
http://www.securityfocus.com/archive/1/264117
http://www.securityfocus.com/bid/4367