CVE

CVE-2003-1234
Date: (C)2003-12-31   (M)2023-12-22


Integer overflow in the f_count counter in FreeBSD before 4.2 through 5.0 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via multiple calls to (1) fpathconf and (2) lseek, which do not properly decrement f_count through a call to fdrop.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 3.6
Exploit Score: 3.9
Impact Score: 4.9
 
CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality: NONE
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
SECTRACK-1005898
http://www.securityfocus.com/archive/1/archive/1/305308/30/26420/threaded
http://archives.neohapsis.com/archives/bugtraq/2003-01/0057.html
BID-6524
SECUNIA-7821
FreeBSD-SA-02:44
freebsd-kernel-integer-overflow(10993)
http://www.pine.nl/press/pine-cert-20030101.txt

CPE    30
cpe:/o:freebsd:freebsd:2.1.6.1
cpe:/o:freebsd:freebsd:2.1.7.1
cpe:/o:freebsd:freebsd:4.10
cpe:/o:freebsd:freebsd:4.11
...

© SecPod Technologies