CVE-2003-0102

Published: Mar 18, 2003Modified: Apr 16, 2026

4.6

Vector

AV:L/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 3.9 / Impact: 6.4

Source: NVD

Description

Buffer overflow in tryelf() in readelf.c of the file command allows attackers to execute arbitrary code as the user running file, possibly via a large entity size value in an ELF header (elfhdr.e_shentsize).

Affected (15)

Products: File: File · Netbsd: Netbsd

1 product

1 product

Configuration A

10 vulnerable

Vulnerable Software	Affected Versions
File File	Version 3.28
File File	Version 3.30
File File	Version 3.32
File File	Version 3.33
File File	Version 3.34
File File	Version 3.35
File File	Version 3.36
File File	Version 3.37
File File	Version 3.39
File File	Version 3.40

Configuration B

5 vulnerable

Vulnerable Software	Affected Versions
Netbsd Netbsd	Version 1.5.1
Netbsd Netbsd	Version 1.5.2
Netbsd Netbsd	Version 1.5.3
Netbsd Netbsd	Version 1.5
Netbsd Netbsd	Version 1.6

References (24)

ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-003.txt.asc (unsafe URL)

Source: cve@mitre.org

http://lwn.net/Alerts/34908/

Source: cve@mitre.org

http://marc.info/?l=bugtraq&m=104680706201721&w=2

Source: cve@mitre.org

http://www.debian.org/security/2003/dsa-260

Source: cve@mitre.org

http://www.idefense.com/advisory/03.04.03.txt

Source: cve@mitre.org

ExploitPatchVendor Advisory

http://www.kb.cert.org/vuls/id/611865

Source: cve@mitre.org

US Government Resource

http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:030

Source: cve@mitre.org

http://www.novell.com/linux/security/advisories/2003_017_file.html

Source: cve@mitre.org

http://www.redhat.com/support/errata/RHSA-2003-086.html

Source: cve@mitre.org

http://www.redhat.com/support/errata/RHSA-2003-087.html

Source: cve@mitre.org

http://www.securityfocus.com/bid/7008

Source: cve@mitre.org

PatchVendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/11469

Source: cve@mitre.org

ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-003.txt.asc (unsafe URL)

Source: af854a3a-2127-422b-91ae-364da2661108

http://lwn.net/Alerts/34908/

Source: af854a3a-2127-422b-91ae-364da2661108

http://marc.info/?l=bugtraq&m=104680706201721&w=2

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2003/dsa-260

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.idefense.com/advisory/03.04.03.txt

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitPatchVendor Advisory

http://www.kb.cert.org/vuls/id/611865

Source: af854a3a-2127-422b-91ae-364da2661108

US Government Resource

http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:030

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.novell.com/linux/security/advisories/2003_017_file.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.redhat.com/support/errata/RHSA-2003-086.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.redhat.com/support/errata/RHSA-2003-087.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/7008

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/11469

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.