CVE-2003-0102 Affecting file package, versions <3.40-1.1
Threat Intelligence
EPSS
0.24% (63rd
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-DEBIAN10-FILE-301014
- published 18 Mar 2003
- disclosed 18 Mar 2003
Introduced: 18 Mar 2003
CVE-2003-0102 Open this link in a new tabHow to fix?
Upgrade Debian:10
file
to version 3.40-1.1 or higher.
NVD Description
Note: Versions mentioned in the description apply only to the upstream file
package and not the file
package as distributed by Debian
.
See How to fix?
for Debian:10
relevant fixed versions and status.
Buffer overflow in tryelf() in readelf.c of the file command allows attackers to execute arbitrary code as the user running file, possibly via a large entity size value in an ELF header (elfhdr.e_shentsize).
References
- https://security-tracker.debian.org/tracker/CVE-2003-0102
- http://www.kb.cert.org/vuls/id/611865
- http://www.debian.org/security/2003/dsa-260
- http://marc.info/?l=bugtraq&m=104680706201721&w=2
- http://lwn.net/Alerts/34908/
- http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:030
- http://www.idefense.com/advisory/03.04.03.txt
- ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-003.txt.asc
- http://www.securityfocus.com/bid/7008
- http://www.novell.com/linux/security/advisories/2003_017_file.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/11469
- http://www.redhat.com/support/errata/RHSA-2003-086.html
- http://www.redhat.com/support/errata/RHSA-2003-087.html
CVSS Scores
version 3.1