Vulnerability details: VCID-rey8-vkdg-aaan
Vulnerability ID VCID-rey8-vkdg-aaan
Aliases CVE-2003-0102
Summary Buffer overflow in tryelf() in readelf.c of the file command allows attackers to execute arbitrary code as the user running file, possibly via a large entity size value in an ELF header (elfhdr.e_shentsize).
Status Published
Exploitability 2.0
Weighted Severity 6.2
Risk 10.0
Weaknesses (0)
There are no known CWE.
System Score Found at
epss 0.00278 https://api.first.org/data/v1/epss?cve=CVE-2003-0102
epss 0.00732 https://api.first.org/data/v1/epss?cve=CVE-2003-0102
epss 0.07234 https://api.first.org/data/v1/epss?cve=CVE-2003-0102
epss 0.08278 https://api.first.org/data/v1/epss?cve=CVE-2003-0102
rhbs medium https://bugzilla.redhat.com/show_bug.cgi?id=1616966
cvssv2 4.6 https://nvd.nist.gov/vuln/detail/CVE-2003-0102
Reference id Reference type URL
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-003.txt.asc
http://lwn.net/Alerts/34908/
http://marc.info/?l=bugtraq&m=104680706201721&w=2
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2003-0102.json
https://api.first.org/data/v1/epss?cve=CVE-2003-0102
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0102
https://exchange.xforce.ibmcloud.com/vulnerabilities/11469
http://www.debian.org/security/2003/dsa-260
http://www.kb.cert.org/vuls/id/611865
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:030
http://www.novell.com/linux/security/advisories/2003_017_file.html
http://www.redhat.com/support/errata/RHSA-2003-086.html
http://www.redhat.com/support/errata/RHSA-2003-087.html
http://www.securityfocus.com/bid/7008
1616966 https://bugzilla.redhat.com/show_bug.cgi?id=1616966
cpe:2.3:a:file:file:3.28:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:file:file:3.28:*:*:*:*:*:*:*
cpe:2.3:a:file:file:3.30:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:file:file:3.30:*:*:*:*:*:*:*
cpe:2.3:a:file:file:3.32:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:file:file:3.32:*:*:*:*:*:*:*
cpe:2.3:a:file:file:3.33:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:file:file:3.33:*:*:*:*:*:*:*
cpe:2.3:a:file:file:3.34:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:file:file:3.34:*:*:*:*:*:*:*
cpe:2.3:a:file:file:3.35:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:file:file:3.35:*:*:*:*:*:*:*
cpe:2.3:a:file:file:3.36:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:file:file:3.36:*:*:*:*:*:*:*
cpe:2.3:a:file:file:3.37:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:file:file:3.37:*:*:*:*:*:*:*
cpe:2.3:a:file:file:3.39:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:file:file:3.39:*:*:*:*:*:*:*
cpe:2.3:a:file:file:3.40:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:file:file:3.40:*:*:*:*:*:*:*
cpe:2.3:o:netbsd:netbsd:1.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netbsd:netbsd:1.5:*:*:*:*:*:*:*
cpe:2.3:o:netbsd:netbsd:1.5.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netbsd:netbsd:1.5.1:*:*:*:*:*:*:*
cpe:2.3:o:netbsd:netbsd:1.5.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netbsd:netbsd:1.5.2:*:*:*:*:*:*:*
cpe:2.3:o:netbsd:netbsd:1.5.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netbsd:netbsd:1.5.3:*:*:*:*:*:*:*
cpe:2.3:o:netbsd:netbsd:1.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netbsd:netbsd:1.6:*:*:*:*:*:*:*
CVE-2003-0102 https://nvd.nist.gov/vuln/detail/CVE-2003-0102
CVE-2003-0102;OSVDB-6456 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/unix/local/22324.c
CVE-2003-0102;OSVDB-6456 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/unix/local/22325.c
CVE-2003-0102;OSVDB-6456 Exploit https://www.securityfocus.com/bid/7008/info
CVE-2003-1092;OSVDB-14743 Exploit http://www.idefense.com/advisory/03.04.03.txt
RHSA-2003:086 https://access.redhat.com/errata/RHSA-2003:086
RHSA-2003:087 https://access.redhat.com/errata/RHSA-2003:087
Data source Exploit-DB
Date added March 4, 2003
Description File 3.x - Local Stack Overflow Code Execution (2)
Ransomware campaign use Known
Source publication date March 4, 2003
Exploit type local
Platform unix
Source update date Oct. 28, 2012
Source URL https://www.securityfocus.com/bid/7008/info
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2003-0102
Access Vector (AV) local
Access Complexity (AC) low
Authentication (Au) none
Confidentiality Impact (C) partial
Integrity Impact (I) partial
Availability Impact (A) partial
Exploit Prediction Scoring System (EPSS)
Percentile 0.68777
EPSS Score 0.00278
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.