CVE-2003-1289 - OpenCVE

The iBCS2 system call translator for statfs in NetBSD 1.5 through 1.5.3 and FreeBSD 4 up to 4.8-RELEASE-p2 and 5 up to 5.1-RELEASE-p1 allows local users to read portions of kernel memory (memory disclosure) via a large length parameter, which copies additional kernel memory into userland memory.

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:L/AC:L/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Freebsd	Freebsd
Netbsd	Netbsd

Configuration 1 [-]

OR	cpe:2.3:o:freebsd:freebsd::release_p2::::::*
	cpe:2.3:o:freebsd:freebsd::release_p1::::::*
	cpe:2.3:o:freebsd:freebsd:4.0:::::::*
	cpe:2.3:o:freebsd:freebsd:5.0:::::::*
	cpe:2.3:o:netbsd:netbsd:1.5:::::::*
	cpe:2.3:o:netbsd:netbsd:1.5.1:::::::*
	cpe:2.3:o:netbsd:netbsd:1.5.2:::::::*
	cpe:2.3:o:netbsd:netbsd:1.5.3:::::::*

References

Link	Resource
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:10.ibcs2.asc
http://secunia.com/advisories/9504	Patch Vendor Advisory
http://securitytracker.com/id?1007460	Patch Vendor Advisory
http://www.osvdb.org/2406	Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/12892

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2005-12-17T21:00:00

Updated: 2017-07-19T15:57:01

Reserved: 2005-12-17T00:00:00

Link: CVE-2003-1289

JSON object: View

NVD Information

Status : Modified

Published: 2003-12-31T05:00:00.000

Modified: 2017-07-20T01:29:01.237

Link: CVE-2003-1289

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2003-08-10T00:00:00", "descriptions": [{"lang": "en", "value": "The iBCS2 system call translator for statfs in NetBSD 1.5 through 1.5.3 and FreeBSD 4 up to 4.8-RELEASE-p2 and 5 up to 5.1-RELEASE-p1 allows local users to read portions of kernel memory (memory disclosure) via a large length parameter, which copies additional kernel memory into userland memory."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-19T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "2406", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/2406"}, {"name": "freebsd-ibcs2-kernel-memory(12892)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12892"}, {"name": "9504", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/9504"}, {"name": "FreeBSD-SA-03:10", "tags": ["vendor-advisory", "x_refsource_FREEBSD"], "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:10.ibcs2.asc"}, {"name": "1007460", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1007460"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2003-1289", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The iBCS2 system call translator for statfs in NetBSD 1.5 through 1.5.3 and FreeBSD 4 up to 4.8-RELEASE-p2 and 5 up to 5.1-RELEASE-p1 allows local users to read portions of kernel memory (memory disclosure) via a large length parameter, which copies additional kernel memory into userland memory."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "2406", "refsource": "OSVDB", "url": "http://www.osvdb.org/2406"}, {"name": "freebsd-ibcs2-kernel-memory(12892)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12892"}, {"name": "9504", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/9504"}, {"name": "FreeBSD-SA-03:10", "refsource": "FREEBSD", "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:10.ibcs2.asc"}, {"name": "1007460", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1007460"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2003-1289", "datePublished": "2005-12-17T21:00:00", "dateReserved": "2005-12-17T00:00:00", "dateUpdated": "2017-07-19T15:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:freebsd:freebsd:*:release_p2:*:*:*:*:*:*", "matchCriteriaId": "5206BC9B-F7CC-4AF2-866F-46F094616219", "versionEndIncluding": "4.8", "vulnerable": false}, {"criteria": "cpe:2.3:o:freebsd:freebsd:*:release_p1:*:*:*:*:*:*", "matchCriteriaId": "79F06925-8A46-4721-B509-53E8145CF2A5", "versionEndIncluding": "5.1", "vulnerable": false}, {"criteria": "cpe:2.3:o:freebsd:freebsd:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "D0A585A1-FF82-418F-90F8-072458DB7816", "vulnerable": false}, {"criteria": "cpe:2.3:o:freebsd:freebsd:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "61EBA52A-2D8B-4FB5-866E-AE67CE1842E7", "vulnerable": false}, {"criteria": "cpe:2.3:o:netbsd:netbsd:1.5:*:*:*:*:*:*:*", "matchCriteriaId": "E10D9BF9-FCC7-4680-AD3A-95757FC005EA", "vulnerable": false}, {"criteria": "cpe:2.3:o:netbsd:netbsd:1.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "78E8C3A4-9FA7-4F2A-8C65-D4404715E674", "vulnerable": false}, {"criteria": "cpe:2.3:o:netbsd:netbsd:1.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "DBA2E3A3-EB9B-4B20-B754-EEC914FB1D47", "vulnerable": false}, {"criteria": "cpe:2.3:o:netbsd:netbsd:1.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "7AC78BA4-70F4-4B9F-93C2-B107E4DCC418", "vulnerable": false}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The iBCS2 system call translator for statfs in NetBSD 1.5 through 1.5.3 and FreeBSD 4 up to 4.8-RELEASE-p2 and 5 up to 5.1-RELEASE-p1 allows local users to read portions of kernel memory (memory disclosure) via a large length parameter, which copies additional kernel memory into userland memory."}], "id": "CVE-2003-1289", "lastModified": "2017-07-20T01:29:01.237", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2003-12-31T05:00:00.000", "references": [{"source": "cve@mitre.org", "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:10.ibcs2.asc"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/9504"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://securitytracker.com/id?1007460"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.osvdb.org/2406"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12892"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}