Lucene search

[email protected]CVE-2002-1476

HistorySep 01, 2004 - 4:00 a.m.

CVE-2002-1476

2004-09-0104:00:00

[email protected]

web.nvd.nist.gov

cve-2002-1476

buffer overflow

setlocale

libc

netbsd

arbitrary code execution

local attack

nvd

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

8 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Buffer overflow in setlocale in libc on NetBSD 1.4.x through 1.6, and possibly other operating systems, when called with the LC_ALL category, allows local attackers to execute arbitrary code via a user-controlled locale string that has more than 6 elements, which exceeds the boundaries of the new_categories category array, as exploitable through programs such as xterm and zsh.

Affected configurations

NVD

Node

netbsdnetbsdMatch1.4

netbsdnetbsdMatch1.5

netbsdnetbsdMatch1.5.1

netbsdnetbsdMatch1.5.2

netbsdnetbsdMatch1.5.3

netbsdnetbsdMatch1.6beta

CPENameOperatorVersion
netbsd:netbsdnetbsdeq1.4
netbsd:netbsdnetbsdeq1.5
netbsd:netbsdnetbsdeq1.5.1
netbsd:netbsdnetbsdeq1.5.2
netbsd:netbsdnetbsdeq1.5.3
netbsd:netbsdnetbsdeq1.6

CPE	Name	Operator	Version
netbsd:netbsd	netbsd	eq	1.4
netbsd:netbsd	netbsd	eq	1.5
netbsd:netbsd	netbsd	eq	1.5.1
netbsd:netbsd	netbsd	eq	1.5.2
netbsd:netbsd	netbsd	eq	1.5.3
netbsd:netbsd	netbsd	eq	1.6

References

ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-012.txt.asc

www.iss.net/security_center/static/10159.php

www.osvdb.org/7565

www.securityfocus.com/bid/5724

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

8 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2002-1476

cvelist1 nvd1