CVE-2003-0476

high

Description

The execve system call in Linux 2.4.x records the file descriptor of the executable process in the file table of the calling process, which allows local users to gain read access to restricted file descriptors.

References

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A327

http://www.redhat.com/support/errata/RHSA-2003-408.html

http://www.redhat.com/support/errata/RHSA-2003-368.html

http://www.redhat.com/support/errata/RHSA-2003-238.html

http://www.mandriva.com/security/advisories?name=MDKSA-2003:074

http://www.debian.org/security/2004/dsa-423

http://www.debian.org/security/2004/dsa-358

http://marc.info/?l=bugtraq&m=105664924024009&w=2

Details

Source: Mitre, NVD

Published: 2003-08-07

Updated: 2025-04-03

Risk Information

CVSS v2

Base Score: 2.1

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N

Severity: Low

CVSS v3

Base Score: 7.1

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Severity: High

EPSS

EPSS: 0.00111

Detections

Analytics