CVE-2002-0499

Linux kernel <2.2.20 & <2.4.18 - Path Traversal

Title source: llm

Description

The d_path function in Linux kernel 2.2.20 and earlier, and 2.4.18 and earlier, truncates long pathnames without generating an error, which could allow local users to force programs to perform inappropriate operations on the wrong directories.

Exploits (1)

exploitdb WORKING POC VERIFIED

by cliph · clocallinux

https://www.exploit-db.com/exploits/21353

View Code ZIP pw:eip

References (5)

[Third Party Advisory] http://archives.neohapsis.com/archives/vulnwatch/2002-q1/0074.html

[Various Sources] http://www.cs.helsinki.fi/linux/linux-kernel/2002-13/0054.html

[Vendor Advisory] http://www.iss.net/security_center/static/8634.php

[Vendor Advisory] http://www.securityfocus.com/archive/1/264117

[Exploit, Vendor Advisory] http://www.securityfocus.com/bid/4367

Scores

EPSS 0.0046

EPSS Percentile 63.8%

Classification

Status draft

Affected Products (42)

linux/linux_kernel

... and 27 more

Timeline

Published Aug 12, 2002

Tracked Since Feb 18, 2026