CVE-2003-0188 - OpenCVE

lv reads a .lv file from the current working directory, which allows local users to execute arbitrary commands as other lv users by placing malicious .lv files into other directories.

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:L/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Redhat	Linux Lv
Lv	Lv

Configuration 1 [-]

OR	cpe:2.3:a:lv:lv:4.49.1:::::::*
	cpe:2.3:a:lv:lv:4.49.2:::::::*
	cpe:2.3:a:lv:lv:4.49.3:::::::*
	cpe:2.3:a:lv:lv:4.49.4:::::::*
	cpe:2.3:a:redhat:lv:4.49.4-1::i386:::::
	cpe:2.3:a:redhat:lv:4.49.4-3::i386:::::
	cpe:2.3:a:redhat:lv:4.49.4-7::i386:::::
	cpe:2.3:a:redhat:lv:4.49.4-9::i386:::::

Configuration 2 [-]

OR	cpe:2.3:o:redhat:linux:7.1:::::::*
	cpe:2.3:o:redhat:linux:7.2:::::::*
	cpe:2.3:o:redhat:linux:7.3:::::::*
	cpe:2.3:o:redhat:linux:8.0:::::::*
	cpe:2.3:o:redhat:linux:9.0::i386:::::

References

Link	Resource
http://www.debian.org/security/2003/dsa-304	Patch Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2003-167.html
http://www.redhat.com/support/errata/RHSA-2003-169.html	Patch Vendor Advisory
http://www.turbolinux.com/security/TLSA-2003-35.txt
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A430

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2003-05-17T04:00:00

Updated: 2017-10-10T00:57:01

Reserved: 2003-04-01T00:00:00

Link: CVE-2003-0188

JSON object: View

NVD Information

Status : Modified

Published: 2003-06-09T04:00:00.000

Modified: 2017-10-11T01:29:06.637

Link: CVE-2003-0188

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2003-05-16T00:00:00", "descriptions": [{"lang": "en", "value": "lv reads a .lv file from the current working directory, which allows local users to execute arbitrary commands as other lv users by placing malicious .lv files into other directories."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-10-10T00:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "oval:org.mitre.oval:def:430", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A430"}, {"name": "RHSA-2003:169", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2003-169.html"}, {"name": "DSA-304", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2003/dsa-304"}, {"name": "RHSA-2003:167", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2003-167.html"}, {"name": "TLSA-2003-35", "tags": ["vendor-advisory", "x_refsource_TURBO"], "url": "http://www.turbolinux.com/security/TLSA-2003-35.txt"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2003-0188", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "lv reads a .lv file from the current working directory, which allows local users to execute arbitrary commands as other lv users by placing malicious .lv files into other directories."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "oval:org.mitre.oval:def:430", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A430"}, {"name": "RHSA-2003:169", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2003-169.html"}, {"name": "DSA-304", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2003/dsa-304"}, {"name": "RHSA-2003:167", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2003-167.html"}, {"name": "TLSA-2003-35", "refsource": "TURBO", "url": "http://www.turbolinux.com/security/TLSA-2003-35.txt"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2003-0188", "datePublished": "2003-05-17T04:00:00", "dateReserved": "2003-04-01T00:00:00", "dateUpdated": "2017-10-10T00:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:lv:lv:4.49.1:*:*:*:*:*:*:*", "matchCriteriaId": "BA6A63E3-13BB-4FD7-B6FF-8494A694A637", "vulnerable": true}, {"criteria": "cpe:2.3:a:lv:lv:4.49.2:*:*:*:*:*:*:*", "matchCriteriaId": "CFE97CE9-247C-4B85-A2F1-32F14D59190A", "vulnerable": true}, {"criteria": "cpe:2.3:a:lv:lv:4.49.3:*:*:*:*:*:*:*", "matchCriteriaId": "1126844F-3B9D-46E7-9712-7A0D6A67773C", "vulnerable": true}, {"criteria": "cpe:2.3:a:lv:lv:4.49.4:*:*:*:*:*:*:*", "matchCriteriaId": "07A2DB45-1AA8-42AC-A082-00BD345EE757", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:lv:4.49.4-1:*:i386:*:*:*:*:*", "matchCriteriaId": "AFB601B0-3BDB-48E2-BAD1-DC139EF0BDB9", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:lv:4.49.4-3:*:i386:*:*:*:*:*", "matchCriteriaId": "DEAC3323-384B-4733-886D-56CBE396F72A", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:lv:4.49.4-7:*:i386:*:*:*:*:*", "matchCriteriaId": "3E33DD9C-62C8-4616-B627-4903FE90F2FA", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:lv:4.49.4-9:*:i386:*:*:*:*:*", "matchCriteriaId": "0E67C635-26FF-4147-A5C5-E40C6166C9CF", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:linux:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "1D46E093-1C68-43BB-B281-12117EC8DE0F", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:linux:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "E562907F-D915-4030-847A-3C6834A80D4E", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:linux:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "138985E6-5107-4E8B-A801-C3D5FE075227", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "038FEDE7-986F-4CA5-9003-BA68352B87D4", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:linux:9.0:*:i386:*:*:*:*:*", "matchCriteriaId": "F3FDE8C4-5FFD-4CC2-9F35-7C32043966D1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "lv reads a .lv file from the current working directory, which allows local users to execute arbitrary commands as other lv users by placing malicious .lv files into other directories."}, {"lang": "es", "value": "lv lee un fichero .lv desde el directorio de trabajo actual, lo que permitir\u00eda que usuarios locales ejecuten comandos arbitrarios como otros usuarios lv (colocando ficheros .lv dentro de otros directorios)."}], "id": "CVE-2003-0188", "lastModified": "2017-10-11T01:29:06.637", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2003-06-09T04:00:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.debian.org/security/2003/dsa-304"}, {"source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2003-167.html"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.redhat.com/support/errata/RHSA-2003-169.html"}, {"source": "cve@mitre.org", "url": "http://www.turbolinux.com/security/TLSA-2003-35.txt"}, {"source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A430"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}