Lucene search
HistoryOct 03, 2022 - 4:15 p.m.
CVE-2003-0489
cve-2003-0489
tcptraceroute
privilege escalation
file descriptor
packet capture
vulnerability
nvd
7.2 High
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
6.4 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
5.1%
tcptraceroute 1.4 and earlier does not fully drop privileges after obtaining a file descriptor for capturing packets, which may allow local users to gain access to the descriptor via a separate vulnerability in tcptraceroute.
Affected configurations
Node
michael_c._torentcptracerouteRange≤1.4
| CPE | Name | Operator | Version |
|---|---|---|---|
| michael_c._toren:tcptraceroute | michael c. toren tcptraceroute | le | 1.4 |
References
Related
osv
osv
tcptraceroute - failure to drop root privileges
2003-06-23 00:00:00
nessus
nessus
Debian DSA-330-1 : tcptraceroute - failure to drop root privileges
2004-09-29 00:00:00
openvas
openvas
Debian Security Advisory DSA 330-1 (tcptraceroute)
2008-01-17 00:00:00
Debian: Security Advisory (DSA-330)
2008-01-17 00:00:00
cvelist
cvelist
CVE-2003-0489
2022-10-03 16:15:43
nvd
nvd
CVE-2003-0489
2003-08-07 04:00:00
debiancve
debiancve
CVE-2003-0489
2022-10-03 16:15:43
7.2 High
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
6.4 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
5.1%
Related for CVE-2003-0489