CVE-2002-0844 - OpenCVE

Off-by-one overflow in the CVS PreservePermissions of rcs.c for CVSD before 1.11.2 allows local users to execute arbitrary code.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Distrotech	Cvs

Configuration 1 [-]

cpe:2.3:a:distrotech:cvs:*:*:*:*:*:*:*:*

References

Link	Resource
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-035.0.txt	Broken Link Patch Vendor Advisory
ftp://patches.sgi.com/support/free/security/advisories/20040103-01-U.asc	Broken Link
http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0081.html	Broken Link Exploit Patch Vendor Advisory
http://marc.info/?l=bugtraq&m=102233767925177&w=2	Mailing List
http://www.redhat.com/support/errata/RHSA-2004-004.html	Broken Link
http://www.securityfocus.com/bid/4829	Broken Link Patch Third Party Advisory VDB Entry Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/9175	Third Party Advisory VDB Entry

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2004-09-01T04:00:00

Updated: 2011-07-17T00:00:00

Reserved: 2002-08-09T00:00:00

Link: CVE-2002-0844

JSON object: View

NVD Information

Status : Analyzed

Published: 2002-08-12T04:00:00.000

Modified: 2024-02-02T02:49:53.307

Link: CVE-2002-0844

JSON object: View

Redhat Information

No data.

CWE

CWE-193

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2002-05-25T00:00:00", "descriptions": [{"lang": "en", "value": "Off-by-one overflow in the CVS PreservePermissions of rcs.c for CVSD before 1.11.2 allows local users to execute arbitrary code."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2011-07-17T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20040103-01-U", "tags": ["vendor-advisory", "x_refsource_SGI"], "url": "ftp://patches.sgi.com/support/free/security/advisories/20040103-01-U.asc"}, {"name": "RHSA-2004:004", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2004-004.html"}, {"name": "CSSA-2002-035.0", "tags": ["vendor-advisory", "x_refsource_CALDERA"], "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-035.0.txt"}, {"name": "20020525 [DER ADV#8] - Local off by one in CVSD", "tags": ["mailing-list", "x_refsource_VULNWATCH"], "url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0081.html"}, {"name": "cvs-rcs-offbyone-bo(9175)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9175"}, {"name": "4829", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/4829"}, {"name": "20020525 [DER ADV#8] - Local off by one in CVSD", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://marc.info/?l=bugtraq&m=102233767925177&w=2"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2002-0844", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Off-by-one overflow in the CVS PreservePermissions of rcs.c for CVSD before 1.11.2 allows local users to execute arbitrary code."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20040103-01-U", "refsource": "SGI", "url": "ftp://patches.sgi.com/support/free/security/advisories/20040103-01-U.asc"}, {"name": "RHSA-2004:004", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2004-004.html"}, {"name": "CSSA-2002-035.0", "refsource": "CALDERA", "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-035.0.txt"}, {"name": "20020525 [DER ADV#8] - Local off by one in CVSD", "refsource": "VULNWATCH", "url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0081.html"}, {"name": "cvs-rcs-offbyone-bo(9175)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9175"}, {"name": "4829", "refsource": "BID", "url": "http://www.securityfocus.com/bid/4829"}, {"name": "20020525 [DER ADV#8] - Local off by one in CVSD", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq&m=102233767925177&w=2"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2002-0844", "datePublished": "2004-09-01T04:00:00", "dateReserved": "2002-08-09T00:00:00", "dateUpdated": "2011-07-17T00:00:00", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:distrotech:cvs:*:*:*:*:*:*:*:*", "matchCriteriaId": "D5C6F868-918D-4055-A13A-4D752FC1BFD4", "versionEndExcluding": "1.11.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Off-by-one overflow in the CVS PreservePermissions of rcs.c for CVSD before 1.11.2 allows local users to execute arbitrary code."}], "id": "CVE-2002-0844", "lastModified": "2024-02-02T02:49:53.307", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2002-08-12T04:00:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Broken Link", "Patch", "Vendor Advisory"], "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-035.0.txt"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "ftp://patches.sgi.com/support/free/security/advisories/20040103-01-U.asc"}, {"source": "cve@mitre.org", "tags": ["Broken Link", "Exploit", "Patch", "Vendor Advisory"], "url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0081.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List"], "url": "http://marc.info/?l=bugtraq&m=102233767925177&w=2"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://www.redhat.com/support/errata/RHSA-2004-004.html"}, {"source": "cve@mitre.org", "tags": ["Broken Link", "Patch", "Third Party Advisory", "VDB Entry", "Vendor Advisory"], "url": "http://www.securityfocus.com/bid/4829"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9175"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-193"}], "source": "nvd@nist.gov", "type": "Primary"}]}