CVE-2003-0476

Linux 2.4.x - Info Disclosure

Title source: llm

Description

The execve system call in Linux 2.4.x records the file descriptor of the executable process in the file table of the calling process, which allows local users to gain read access to restricted file descriptors.

References (8)

[Mailing List] http://marc.info/?l=bugtraq&m=105664924024009&w=2

[Patch, Vendor Advisory] http://www.debian.org/security/2004/dsa-423

[Vendor Advisory] http://www.mandriva.com/security/advisories?name=MDKSA-2003:074

[Vendor Advisory] http://www.redhat.com/support/errata/RHSA-2003-238.html

[Patch, Vendor Advisory] http://www.redhat.com/support/errata/RHSA-2003-368.html

[Vendor Advisory] http://www.redhat.com/support/errata/RHSA-2003-408.html

[Third Party Advisory] http://www.debian.org/security/2004/dsa-358

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A327

Scores

EPSS 0.0015

EPSS Percentile 35.9%

Classification

Status draft

Affected Products (1)

linux/linux_kernel

Timeline

Published Aug 07, 2003

Tracked Since Feb 18, 2026