CVE-2003-0390
published 2003-07-02CVE-2003-0390: Multiple buffer overflows in Options Parsing Tool (OPT) shared library 3.18 and earlier, when used in setuid programs, may allow local users to execute…
PriorityP418medium4.6CVSS 2.0
AVLACLAuNCPIPAP
EXPLOIT
EPSS
1.03%
59.2th percentile
Multiple buffer overflows in Options Parsing Tool (OPT) shared library 3.18 and earlier, when used in setuid programs, may allow local users to execute arbitrary code via long command line options that are fed into macros such as opt_warn_2, as used in functions such as opt_atoi.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | opt | < opt 3.19 (bookworm) | opt 3.19 (bookworm) |
| james_theiler | opt | <= 3.18 | — |
| james_theiler | opt | >= 0 < 3.19 | 3.19 |
| james_theiler | opt | >= 0 < 3.19 | 3.19 |
| james_theiler | opt | >= 0 < 3.19 | 3.19 |
| james_theiler | opt | >= 0 < 3.19 | 3.19 |
CVSS provenance
nvdv2.04.6MEDIUMAV:L/AC:L/Au:N/C:P/I:P/A:P
osv4.6MEDIUM
vendor_debian4.6MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-8hqj-7rmc-v58x: Multiple buffer overflows in Options Parsing Tool (OPT) shared library 3
ghsa_unreviewed·2022-04-29
CVE-2003-0390 [MEDIUM] GHSA-8hqj-7rmc-v58x: Multiple buffer overflows in Options Parsing Tool (OPT) shared library 3
Multiple buffer overflows in Options Parsing Tool (OPT) shared library 3.18 and earlier, when used in setuid programs, may allow local users to execute arbitrary code via long command line options that are fed into macros such as opt_warn_2, as used in functions such as opt_atoi.
OSV
CVE-2003-0390: Multiple buffer overflows in Options Parsing Tool (OPT) shared library 3
osv·2003-07-02·CVSS 4.6
CVE-2003-0390 [MEDIUM] CVE-2003-0390: Multiple buffer overflows in Options Parsing Tool (OPT) shared library 3
Multiple buffer overflows in Options Parsing Tool (OPT) shared library 3.18 and earlier, when used in setuid programs, may allow local users to execute arbitrary code via long command line options that are fed into macros such as opt_warn_2, as used in functions such as opt_atoi.
Debian
CVE-2003-0390: opt - Multiple buffer overflows in Options Parsing Tool (OPT) shared library 3.18 and ...
vendor_debian·2003·CVSS 4.6
CVE-2003-0390 [MEDIUM] CVE-2003-0390: opt - Multiple buffer overflows in Options Parsing Tool (OPT) shared library 3.18 and ...
Multiple buffer overflows in Options Parsing Tool (OPT) shared library 3.18 and earlier, when used in setuid programs, may allow local users to execute arbitrary code via long command line options that are fed into macros such as opt_warn_2, as used in functions such as opt_atoi.
Scope: local
bookworm: resolved (fixed in 3.19)
bullseye: resolved (fixed in 3.19)
forky: resolved (fixed in 3.19)
sid: resolved (fixed in 3.19)
trixie: resolved (fixed in 3.19)
No detection rules found.
Exploit-DB
Libopt.a 3.1x - Error Logging Buffer Overflow (1)
exploitdb·2003-04-24
CVE-2003-0390 Libopt.a 3.1x - Error Logging Buffer Overflow (1)
Libopt.a 3.1x - Error Logging Buffer Overflow (1)
---
/*
source: https://www.securityfocus.com/bid/7433/info
Libopt library has been reported prone to a buffer overflow vulnerability.
It has been reported that several Libopt.a error logging functions, may be prone to buffer overflow vulnerabilities when handling excessive data. The data may be supplied as an argument to a program linked to the vulnerable library. This condition arises from a lack of sufficient bounds checking performed on the user-supplied data, before it is copied into a memory buffer. As a result the bounds of an internal stack-based memory buffer may be overflowed and adjacent memory corrupted with attacker supplied data. It should be noted that no SUID applications linked to this library are currently known.
Altho
Exploit-DB
Libopt.a 3.1x - Error Logging Buffer Overflow (2)
exploitdb·2003-04-24
CVE-2003-0390 Libopt.a 3.1x - Error Logging Buffer Overflow (2)
Libopt.a 3.1x - Error Logging Buffer Overflow (2)
---
source: https://www.securityfocus.com/bid/7433/info
Libopt library has been reported prone to a buffer overflow vulnerability.
It has been reported that several Libopt.a error logging functions, may be prone to buffer overflow vulnerabilities when handling excessive data. The data may be supplied as an argument to a program linked to the vulnerable library. This condition arises from a lack of sufficient bounds checking performed on the user-supplied data, before it is copied into a memory buffer. As a result the bounds of an internal stack-based memory buffer may be overflowed and adjacent memory corrupted with attacker supplied data. It should be noted that no SUID applications linked to this library are currently known.
Although
No writeups or analysis indexed.
http://marc.info/?l=bugtraq&m=105121918523320&w=2http://marc.info/?l=bugtraq&m=105371246204866&w=2http://nis-www.lanl.gov/~jt/Software/opt/opt-3.19.tar.gzhttp://marc.info/?l=bugtraq&m=105121918523320&w=2http://marc.info/?l=bugtraq&m=105371246204866&w=2http://nis-www.lanl.gov/~jt/Software/opt/opt-3.19.tar.gz
2003-07-02
Published