{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2003-06-26T00:00:00", "descriptions": [{"lang": "en", "value": "The execve system call in Linux 2.4.x records the file descriptor of the executable process in the file table of the calling process, which allows local users to gain read access to restricted file descriptors."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-10-10T00:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "oval:org.mitre.oval:def:327", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A327"}, {"name": "20030626 Linux 2.4.x execve() file read race vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://marc.info/?l=bugtraq&m=105664924024009&w=2"}, {"name": "RHSA-2003:238", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2003-238.html"}, {"name": "DSA-423", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2004/dsa-423"}, {"name": "MDKSA-2003:074", "tags": ["vendor-advisory", "x_refsource_MANDRAKE"], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:074"}, {"name": "RHSA-2003:408", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2003-408.html"}, {"name": "DSA-358", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2004/dsa-358"}, {"name": "RHSA-2003:368", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2003-368.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2003-0476", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The execve system call in Linux 2.4.x records the file descriptor of the executable process in the file table of the calling process, which allows local users to gain read access to restricted file descriptors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "oval:org.mitre.oval:def:327", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A327"}, {"name": "20030626 Linux 2.4.x execve() file read race vulnerability", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq&m=105664924024009&w=2"}, {"name": "RHSA-2003:238", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2003-238.html"}, {"name": "DSA-423", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2004/dsa-423"}, {"name": "MDKSA-2003:074", "refsource": "MANDRAKE", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:074"}, {"name": "RHSA-2003:408", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2003-408.html"}, {"name": "DSA-358", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2004/dsa-358"}, {"name": "RHSA-2003:368", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2003-368.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-08T01:58:10.888Z"}, "title": "CVE Program Container", "references": [{"name": "oval:org.mitre.oval:def:327", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A327"}, {"name": "20030626 Linux 2.4.x execve() file read race vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=105664924024009&w=2"}, {"name": "RHSA-2003:238", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2003-238.html"}, {"name": "DSA-423", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2004/dsa-423"}, {"name": "MDKSA-2003:074", "tags": ["vendor-advisory", "x_refsource_MANDRAKE", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:074"}, {"name": "RHSA-2003:408", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2003-408.html"}, {"name": "DSA-358", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2004/dsa-358"}, {"name": "RHSA-2003:368", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2003-368.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2003-0476", "datePublished": "2003-06-28T04:00:00", "dateReserved": "2003-06-27T00:00:00", "dateUpdated": "2024-08-08T01:58:10.888Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:2.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "C24A129D-2E5E-436C-95DE-AE75D2E8D092", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The execve system call in Linux 2.4.x records the file descriptor of the executable process in the file table of the calling process, which allows local users to gain read access to restricted file descriptors."}, {"lang": "es", "value": "La llamada del sistema execve en Linux 2.4.x registra el descriptor de fichero del proceso ejecutable en la tabla de ficheros del proceso llamante, lo que permite a usuarios locales ganar acceso de lectrura a descriptores de fichero restringidos."}], "id": "CVE-2003-0476", "lastModified": "2018-05-03T01:29:20.630", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2003-08-07T04:00:00.000", "references": [{"source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq&m=105664924024009&w=2"}, {"source": "cve@mitre.org", "url": "http://www.debian.org/security/2004/dsa-358"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.debian.org/security/2004/dsa-423"}, {"source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:074"}, {"source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2003-238.html"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.redhat.com/support/errata/RHSA-2003-368.html"}, {"source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2003-408.html"}, {"source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A327"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2003:408", "cpe": "cpe:/o:redhat:enterprise_linux:3", "product_name": "Red Hat Desktop version 3", "release_date": "2003-12-19T00:00:00Z"}, {"advisory": "RHSA-2003:368", "cpe": "cpe:/o:redhat:enterprise_linux:2.1", "product_name": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1", "release_date": "2003-12-19T00:00:00Z"}, {"advisory": "RHSA-2003:408", "cpe": "cpe:/o:redhat:enterprise_linux:2.1", "product_name": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1", "release_date": "2003-12-19T00:00:00Z"}, {"advisory": "RHSA-2003:408", "cpe": "cpe:/o:redhat:enterprise_linux:2.1", "product_name": "Red Hat Enterprise Linux ES version 2.1", "release_date": "2003-12-19T00:00:00Z"}, {"advisory": "RHSA-2003:408", "cpe": "cpe:/o:redhat:enterprise_linux:3", "product_name": "Red Hat Enterprise Linux ES version 3", "release_date": "2003-12-19T00:00:00Z"}, {"advisory": "RHSA-2003:408", "cpe": "cpe:/o:redhat:enterprise_linux:2.1", "product_name": "Red Hat Enterprise Linux WS version 2.1", "release_date": "2003-12-19T00:00:00Z"}, {"advisory": "RHSA-2003:238", "cpe": "cpe:/o:redhat:linux:7.1", "product_name": "Red Hat Linux 7.1", "release_date": "2003-07-21T00:00:00Z"}, {"advisory": "RHSA-2003:238", "cpe": "cpe:/o:redhat:linux:7.2", "product_name": "Red Hat Linux 7.2", "release_date": "2003-07-21T00:00:00Z"}, {"advisory": "RHSA-2003:238", "cpe": "cpe:/o:redhat:linux:7.3", "product_name": "Red Hat Linux 7.3", "release_date": "2003-07-21T00:00:00Z"}, {"advisory": "RHSA-2003:238", "cpe": "cpe:/o:redhat:linux:8.0", "product_name": "Red Hat Linux 8.0", "release_date": "2003-07-21T00:00:00Z"}, {"advisory": "RHSA-2003:238", "cpe": "cpe:/o:redhat:linux:9", "product_name": "Red Hat Linux 9", "release_date": "2003-07-21T00:00:00Z"}, {"advisory": "RHSA-2003:368", "cpe": "cpe:/o:redhat:enterprise_linux:2.1", "product_name": "Red Hat Linux Advanced Workstation 2.1", "release_date": "2003-12-19T00:00:00Z"}], "bugzilla": {"description": "security flaw", "id": "1617043", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617043"}, "csaw": false, "details": ["The execve system call in Linux 2.4.x records the file descriptor of the executable process in the file table of the calling process, which allows local users to gain read access to restricted file descriptors."], "name": "CVE-2003-0476", "public_date": "2003-06-27T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2003-0476\nhttps://nvd.nist.gov/vuln/detail/CVE-2003-0476"], "threat_severity": "Important"}