Lucene search

[email protected]NVD:CVE-2003-0955

HistoryDec 15, 2003 - 5:00 a.m.

CVE-2003-0955

2003-12-1505:00:00

[email protected]

web.nvd.nist.gov

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.4

Confidence

High

EPSS

Percentile

0.4%

JSON

OpenBSD kernel 3.3 and 3.4 allows local users to cause a denial of service (kernel panic) and possibly execute arbitrary code in 3.4 via a program with an invalid header that is not properly handled by (1) ibcs2_exec.c in the iBCS2 emulation (compat_ibcs2) or (2) exec_elf.c, which leads to a stack-based buffer overflow.

Affected configurations

Nvd

Node

openbsdopenbsdMatch3.3

openbsdopenbsdMatch3.4

VendorProductVersionCPE
openbsdopenbsd3.3cpe:2.3:o:openbsd:openbsd:3.3:*:*:*:*:*:*:*
openbsdopenbsd3.4cpe:2.3:o:openbsd:openbsd:3.4:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
openbsd	openbsd	3.3	cpe:2.3:o:openbsd:openbsd:3.3:::::::*
openbsd	openbsd	3.4	cpe:2.3:o:openbsd:openbsd:3.4:::::::*

References

ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.4/common/005_exec.patch

lists.grok.org.uk/pipermail/full-disclosure/2003-November/013315.html

marc.info/?l=openbsd-security-announce&m=106808820119679&w=2

marc.info/?l=openbsd-security-announce&m=106917441524978&w=2

www.guninski.com/msuxobsd2.html

www.openbsd.org/errata33.html

www.securityfocus.com/bid/8978

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.4

Confidence

High

EPSS

Percentile

0.4%

JSON

Related for NVD:CVE-2003-0955

cvelist1 cve2 exploitdb2 nvd1