#VU95664 Improper access control in Linux kernel - CVE-2003-0127
Published: March 31, 2003 / Updated: August 9, 2024
Vulnerability identifier: #VU95664
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear
CVE-ID: CVE-2003-0127
CWE-ID: CWE-284
Exploitation vector: Local access
Exploit availability:
Public exploit is available
Vulnerable software:
Linux kernel
Linux kernel
Software vendor:
Linux Foundation
Linux Foundation
Description
The vulnerability allows a local user to execute arbitrary code.
The kernel module loader in Linux kernel 2.2.x before 2.2.25, and 2.4.x before 2.4.21, allows local users to gain root privileges by using ptrace to attach to a child process that is spawned by the kernel.
Remediation
Install update from vendor's repository.
External links
- ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-020.0.txt
- http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0134.html
- http://marc.info/?l=bugtraq&m=105301461726555&w=2
- http://rhn.redhat.com/errata/RHSA-2003-088.html
- http://rhn.redhat.com/errata/RHSA-2003-098.html
- http://security.gentoo.org/glsa/glsa-200303-17.xml
- http://www.debian.org/security/2003/dsa-270
- http://www.debian.org/security/2003/dsa-276
- http://www.debian.org/security/2003/dsa-311
- http://www.debian.org/security/2003/dsa-312
- http://www.debian.org/security/2003/dsa-332
- http://www.debian.org/security/2003/dsa-336
- http://www.debian.org/security/2004/dsa-423
- http://www.debian.org/security/2004/dsa-495
- http://www.kb.cert.org/vuls/id/628849
- http://www.mandriva.com/security/advisories?name=MDKSA-2003:038
- http://www.mandriva.com/security/advisories?name=MDKSA-2003:039
- http://www.redhat.com/support/errata/RHSA-2003-103.html
- http://www.redhat.com/support/errata/RHSA-2003-145.html
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A254