Main Vulnerability Database Vulnerabilities #VU99957

Missing release of memory after effective lifetime in Linux kernel - CVE-2003-0465

Published: August 18, 2003 / Updated: October 11, 2017

Vulnerability identifier: #VU99957

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2003-0465

CWE-ID: CWE-401

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Linux Foundation

Affected software:
Linux kernel

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

The kernel strncpy function in Linux 2.4 and 2.5 does not %NUL pad the buffer on architectures other than x86, as opposed to the expected behavior of strncpy as implemented in libc, which could lead to information leaks.

How to mitigate CVE-2003-0465

Install update from vendor's repository.

Sources

http://marc.info/?l=linux-kernel&m=105796021120436&w=2
http://marc.info/?l=linux-kernel&m=105796415223490&w=2
http://www.redhat.com/support/errata/RHSA-2004-188.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10285

Missing release of memory after effective lifetime in Linux kernel - CVE-2003-0465

Detailed vulnerability description

How to mitigate CVE-2003-0465

Sources

Please verify you're human