Main Vulnerability Database Vulnerabilities #VU95665

Resource management errors in Linux kernel - CVE-2002-0499

Published: August 12, 2002 / Updated: August 9, 2024

Vulnerability identifier: #VU95665

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/U:Clear

CVE-ID: CVE-2002-0499

CWE-ID: CWE-399

Exploitation vector: Local access

Exploit availability: Public exploit is available

Vendor: Linux Foundation

Affected software:
Linux kernel

Detailed vulnerability description

The vulnerability allows a local user to corrupt data.

The d_path function in Linux kernel 2.2.20 and earlier, and 2.4.18 and earlier, truncates long pathnames without generating an error, which could allow local users to force programs to perform inappropriate operations on the wrong directories.

How to mitigate CVE-2002-0499

Install update from vendor's repository.

Sources

http://archives.neohapsis.com/archives/vulnwatch/2002-q1/0074.html
http://www.cs.helsinki.fi/linux/linux-kernel/2002-13/0054.html
http://www.iss.net/security_center/static/8634.php
http://www.securityfocus.com/archive/1/264117
http://www.securityfocus.com/bid/4367

Resource management errors in Linux kernel - CVE-2002-0499

Detailed vulnerability description

How to mitigate CVE-2002-0499

Sources

Please verify you're human