CVE-2003-0462

Mandrake Multi Network Firewall - Denial of Service via execve Race Condition

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2003-0462. PoCs published by IhaQueR.

AI-analyzed exploit summary: This exploit leverages a race condition in the Linux 2.4.x kernel's execve() system call to gain read access to a setuid binary. It uses the clone() syscall to create a child process that executes the target binary while the parent process attempts to read the file descriptor before execution completes.

Description

A race condition in the way env_start and env_end pointers are initialized in the execve system call and used in fs/proc/base.c on Linux 2.4 allows local users to cause a denial of service (crash).

Exploits (1)

exploitdb WORKING POC VERIFIED
by IhaQueR · c · local · linux
https://www.exploit-db.com/exploits/22840


Classification: Working PoC (90%)
Attack Type: LPE
Complexity: Complex
Reliability: Racy
Target: Linux kernel 2.4.x
No auth needed
Prerequisites: Access to a Linux 2.4.x system with a setuid binary
devstral-2 · analyzed Feb 16, 2026

References (6)

Core References
Patch, Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2003-238.html
Patch, Vendor Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2004/dsa-423
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2003-198.html
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2003-239.html
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A309
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2004/dsa-358

Scores

EPSS 0.0065
EPSS Percentile 46.1%

Details

Status published
Products (26)
linux/linux_kernel 2.4.0
linux/linux_kernel 2.4.1
linux/linux_kernel 2.4.2
linux/linux_kernel 2.4.3
linux/linux_kernel 2.4.4
linux/linux_kernel 2.4.5
linux/linux_kernel 2.4.6
linux/linux_kernel 2.4.7
linux/linux_kernel 2.4.8
linux/linux_kernel 2.4.9
... and 16 more
Published Aug 27, 2003
Tracked Since Feb 18, 2026