CVE-2002-0499

Linux kernel <2.2.20 & <2.4.18 - Path Traversal

Title source: llm

Description

The d_path function in Linux kernel 2.2.20 and earlier, and 2.4.18 and earlier, truncates long pathnames without generating an error, which could allow local users to force programs to perform inappropriate operations on the wrong directories.

Exploits (1)

exploitdb WORKING POC VERIFIED

by cliph · clocallinux

https://www.exploit-db.com/exploits/21353

View Code ZIP pw:eip

References (5)

[Third Party Advisory] http://archives.neohapsis.com/archives/vulnwatch/2002-q1/0074.html

[Vendor Advisory] http://www.iss.net/security_center/static/8634.php

[Exploit, Vendor Advisory] http://www.securityfocus.com/bid/4367

[Various Sources] http://www.cs.helsinki.fi/linux/linux-kernel/2002-13/0054.html

[Vendor Advisory] http://www.securityfocus.com/archive/1/264117

Scores

EPSS 0.0046

EPSS Percentile 64.2%

Details

Status published

Products (42)

linux/linux_kernel 2.2.0

linux/linux_kernel 2.2.1

linux/linux_kernel 2.2.2

linux/linux_kernel 2.2.3

linux/linux_kernel 2.2.4

linux/linux_kernel 2.2.5

linux/linux_kernel 2.2.6

linux/linux_kernel 2.2.7

linux/linux_kernel 2.2.8

linux/linux_kernel 2.2.9

... and 32 more

Published Aug 12, 2002

Tracked Since Feb 18, 2026