{"osvdb": [{"lastseen": "2017-04-28T13:20:09", "bulletinFamily": "software", "cvelist": ["CVE-2003-0202"], "edition": 1, "description": "# No description provided by the source\n\n## References:\n[Vendor Specific Advisory URL](http://www.debian.org/security/2003/dsa-279)\n[Related OSVDB ID: 13391](https://vulners.com/osvdb/OSVDB:13391)\nISS X-Force ID: 11734\n[CVE-2003-0202](https://vulners.com/cve/CVE-2003-0202)\nBugtraq ID: 7293\n", "modified": "2003-04-07T00:00:00", "published": "2003-04-07T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:13390", "id": "OSVDB:13390", "title": "metrics halstead Script Symlink Arbitrary File Overwrite", "type": "osvdb", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:09", "bulletinFamily": "software", "cvelist": ["CVE-2003-0202"], "edition": 1, "description": "# No description provided by the source\n\n## References:\n[Vendor Specific Advisory URL](http://www.debian.org/security/2003/dsa-279)\n[Related OSVDB ID: 13390](https://vulners.com/osvdb/OSVDB:13390)\nISS X-Force ID: 11734\n[CVE-2003-0202](https://vulners.com/cve/CVE-2003-0202)\nBugtraq ID: 7293\n", "modified": "2003-04-07T00:00:00", "published": "2003-04-07T00:00:00", "id": "OSVDB:13391", "href": "https://vulners.com/osvdb/OSVDB:13391", "title": "metrics gather_stats Script Symlink Arbitrary File Overwrite", "type": "osvdb", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "openvas": [{"lastseen": "2017-07-24T12:49:45", "bulletinFamily": "scanner", "cvelist": ["CVE-2003-0202"], "description": "The remote host is missing an update to metrics\nannounced via advisory DSA 279-1.", "modified": "2017-07-07T00:00:00", "published": "2008-01-17T00:00:00", "id": "OPENVAS:53348", "href": "http://plugins.openvas.org/nasl.php?oid=53348", "type": "openvas", "title": "Debian Security Advisory DSA 279-1 (metrics)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: 
deb_279_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 279-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Paul Szabo and Matt Zimmerman discovered two similar problems in\nmetrics, a tool for software metrics. Two scripts in this package,\nhalstead and gather_stats, open temporary files without taking\nappropriate security precautions. halstead is installed as a user\nprogram, while gather_stats is only used in an auxiliary script\nincluded in the source code. 
These vulnerabilities could allow a\nlocal attacker to overwrite files owned by the user running the\nscripts, including root.\n\nThe stable distribution (woody) is not affected since it doesn't\ncontain a metrics package anymore.\n\nFor the old stable distribution (potato) this problem has been fixed\nin version 1.0-1.1.\n\nThe unstable distribution (sid) is not affected since it doesn't\ncontain a metrics package anymore.\n\nWe recommend that you upgrade your metrics package.\";\ntag_summary = \"The remote host is missing an update to metrics\nannounced via advisory DSA 279-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20279-1\";\n\nif(description)\n{\n script_id(53348);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 22:28:10 +0100 (Thu, 17 Jan 2008)\");\n script_bugtraq_id(7293);\n script_cve_id(\"CVE-2003-0202\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Debian Security Advisory DSA 279-1 (metrics)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"metrics\", ver:\"1.0-1.1\", rls:\"DEB2.2\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "debian": [{"lastseen": "2019-05-30T02:21:50", "bulletinFamily": "unix", "cvelist": ["CVE-2003-0202"], "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA 279-1 security@debian.org\nhttp://www.debian.org/security/ Martin Schulze\nApril 7th, 2003 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : metrics\nVulnerability : insecure temporary file creation\nProblem-Type : local\nDebian-specific: no\nCVE Id : CAN-2003-0202\n\nPaul Szabo and Matt Zimmerman discovered two similar problems in\nmetrics, a tool for software metrics. Two scripts in this package,\n"halstead" and "gather_stats", open temporary files without taking\nappropriate security precautions. "halstead" is installed as a user\nprogram, while "gather_stats" is only used in an auxiliary script\nincluded in the source code. 
These vulnerabilities could allow a\nlocal attacker to overwrite files owned by the user running the\nscripts, including root.\n\nThe stable distribution (woody) is not affected since it doesn't\ncontain a metrics package anymore.\n\nFor the old stable distribution (potato) this problem has been fixed\nin version 1.0-1.1.\n\nThe unstable distribution (sid) is not affected since it doesn't\ncontain a metrics package anymore.\n\nWe recommend that you upgrade your metrics package.\n\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 2.2 alias potato\n- ---------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/m/metrics/metrics_1.0-1.1.dsc\n Size/MD5 checksum: 527 8e0a5e5a4897f6748669dcbcf98c5502\n http://security.debian.org/pool/updates/main/m/metrics/metrics_1.0-1.1.diff.gz\n Size/MD5 checksum: 5171 b22998c91bbf809a44097f4fd6b5c83e\n http://security.debian.org/pool/updates/main/m/metrics/metrics_1.0.orig.tar.gz\n Size/MD5 checksum: 77716 b5c03baa70c6826b27dcababe81f4259\n\n Alpha architecture:\n\n http://security.debian.org/pool/updates/main/m/metrics/metrics_1.0-1.1_alpha.deb\n Size/MD5 checksum: 50216 3599a7ae7e2fe985970766e3b1143a52\n\n ARM architecture:\n\n http://security.debian.org/pool/updates/main/m/metrics/metrics_1.0-1.1_arm.deb\n Size/MD5 checksum: 44056 ea4b7cebada6b730acabe45b568b2eda\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/m/metrics/metrics_1.0-1.1_i386.deb\n Size/MD5 checksum: 42942 a9d3846fae94cc5b805b8ed8ec4ee514\n\n Motorola 680x0 architecture:\n\n 
http://security.debian.org/pool/updates/main/m/metrics/metrics_1.0-1.1_m68k.deb\n Size/MD5 checksum: 41778 4eb48f051e430fb72884d1212a9ad415\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/m/metrics/metrics_1.0-1.1_powerpc.deb\n Size/MD5 checksum: 44054 6a24a7813b1707ad1176b636e9b1db0b\n\n Sun Sparc architecture:\n\n http://security.debian.org/pool/updates/main/m/metrics/metrics_1.0-1.1_sparc.deb\n Size/MD5 checksum: 51932 4252be7738d1a6eb4a3333d86e386d5a\n\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n\n", "edition": 2, "modified": "2003-04-07T00:00:00", "published": "2003-04-07T00:00:00", "id": "DEBIAN:DSA-279-1:BE6A2", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2003/msg00064.html", "title": "[SECURITY] [DSA 279-1] New metrics packages fix insecure temporary file creation", "type": "debian", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2021-01-06T09:48:07", "description": "Paul Szabo and Matt Zimmerman discovered two similar problems in\nmetrics, a tool for software metrics. Two scripts in this package,\n'halstead' and 'gather_stats', open temporary files without taking\nappropriate security precautions. 'halstead' is installed as a user\nprogram, while 'gather_stats' is only used in an auxiliary script\nincluded in the source code. 
These vulnerabilities could allow a local\nattacker to overwrite files owned by the user running the scripts,\nincluding root.", "edition": 26, "published": "2004-09-29T00:00:00", "title": "Debian DSA-279-1 : metrics - insecure temporary file creation", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2003-0202"], "modified": "2004-09-29T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:2.2", "p-cpe:/a:debian:debian_linux:metrics"], "id": "DEBIAN_DSA-279.NASL", "href": "https://www.tenable.com/plugins/nessus/15116", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-279. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(15116);\n script_version(\"1.21\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2003-0202\");\n script_bugtraq_id(7293);\n script_xref(name:\"DSA\", value:\"279\");\n\n script_name(english:\"Debian DSA-279-1 : metrics - insecure temporary file creation\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Paul Szabo and Matt Zimmerman discovered two similar problems in\nmetrics, a tool for software metrics. Two scripts in this package,\n'halstead' and 'gather_stats', open temporary files without taking\nappropriate security precautions. 'halstead' is installed as a user\nprogram, while 'gather_stats' is only used in an auxiliary script\nincluded in the source code. 
These vulnerabilities could allow a local\nattacker to overwrite files owned by the user running the scripts,\nincluding root.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2003/dsa-279\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the metrics package.\n\nThe stable distribution (woody) is not affected since it doesn't\ncontain a metrics package anymore.\n\nFor the old stable distribution (potato) this problem has been fixed\nin version 1.0-1.1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:metrics\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:2.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2003/04/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/09/29\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2003/04/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif 
(!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"2.2\", prefix:\"metrics\", reference:\"1.0-1.1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}]}