CVE-2003-0501
published 2003-08-07
CVE-2003-0501: The /proc filesystem in Linux allows local users to obtain sensitive information by opening various entries in /proc/self before executing a setuid program…
Priority P4 · 11 · low · 2.1 · CVSS 2.0
AV:L/AC:L/Au:N/C:P/I:N/A:N
EXPLOIT
EPSS: 0.83% (52.9th percentile)
The /proc filesystem in Linux allows local users to obtain sensitive information by opening various entries in /proc/self before executing a setuid program, which causes the program to fail to change the ownership and permissions of those entries.
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| linux | linux_kernel | — | — |
CVSS provenance
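| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 2.1 | LOW | AV:L/AC:L/Au:N/C:P/I:N/A:N |
| vendor_redhat | — | 2.1 | LOW | — |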
Red Hat
security flaw
vendor_redhat·2003-06-20·CVSS 2.1
GHSA
GHSA-7vpv-wgcj-h638: The /proc filesystem in Linux allows local users to obtain sensitive information by opening various entries in /proc/self before executing a setuid pr
ghsa_unreviewed·2022-04-29
No detection rules found.
Exploit-DB
Microsoft Outlook 2003 - Mail Client E-mail Address Verification
exploitdb·2004-05-11
---
source: https://www.securityfocus.com/bid/10323/info
It has been reported that Microsoft Outlook mail client may be prone to a weakness that could allow a remote attacker to verify the validity of a recipient's e-mail address. This issue may result in a victim receiving more junk e-mail.
Microsoft Outlook 2003 is reported to be affected by this issue.
Exploit-DB
Linux Kernel 2.2.x/2.4.x - '/proc' Filesystem Information Disclosure
exploitdb·2003-06-20
---
/*
source: https://www.securityfocus.com/bid/8002/info
A potential information disclosure vulnerability has been reported for the Linux /proc filesystem, specifically when invoking setuid applications. As a result, an unprivileged user may be able to read the contents of a setuid application's environment data. This could potentially, although unlikely, result in the disclosure of sensitive information, such as restricted file path information.
*/
/****************************************************************
* *
* Linux /proc information disclosure PoC *
* by IhaQueR *
* *
****************************************************************/
#include
#include
#include
#include
#include
#include
#include
#include
References
http://marc.info/?l=bugtraq&m=105621758104242
http://www.debian.org/security/2004/dsa-358
http://www.debian.org/security/2004/dsa-423
http://www.redhat.com/support/errata/RHSA-2003-198.html
http://www.redhat.com/support/errata/RHSA-2003-238.html
http://www.redhat.com/support/errata/RHSA-2003-239.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A328
Published: 2003-08-07