CVE-2004-0618
published 2004-12-06CVE-2004-0618: FreeBSD 5.1 for the Alpha processor allows local users to cause a denial of service (crash) via an execve system call with an unaligned memory address as an…
PriorityP49low2.1CVSS 2.0
AVLACLAuNCNINAP
EXPLOIT
EPSS
0.85%
53.7th percentile
FreeBSD 5.1 for the Alpha processor allows local users to cause a denial of service (crash) via an execve system call with an unaligned memory address as an argument.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| freebsd | freebsd | — | — |
| freebsd | freebsd | — | — |
| freebsd | freebsd | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Bugzilla
CVE-2003-0618 leaks file existance information
bugzilla·2007-07-20·CVSS 2.1
CVE-2003-0618 [LOW] CVE-2003-0618 leaks file existance information
CVE-2003-0618 leaks file existance information
Clone for RHEL3 tracking
+++ This bug was initially created as a clone of Bug #114923 +++
CAN-2003-0618 was reported 2003Jul29 to Debian. You can test for the
existance of files even if you don't have permission to do so by using
the suidperl command.
$ su
# mkdir ~root/delme; chmod 700 ~root/delme;touch ~root/delme/1
# exit
$ suidperl ~root/delme/1
Script is not setuid/setgid in suidperl
$ suidperl ~root/delme/2
Can't open perl script "/root/delme/2": No such file ...
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=220486
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=203426
Affects: 2.1AS 2.1ES 2.1AW 2.1WS (5.6.1)
Affects: 3AS 3ES 3WS (5.8.0)
Debian released an errata for this issue in Feb 2004.
-- Additional comment from mjc@redh
Bugzilla
CVE-2003-0618 leaks file existance information
bugzilla·2004-02-04·CVSS 2.1
CVE-2003-0618 [LOW] CVE-2003-0618 leaks file existance information
CVE-2003-0618 leaks file existance information
CAN-2003-0618 was reported 2003Jul29 to Debian. You can test for the
existance of files even if you don't have permission to do so by using
the suidperl command.
$ su
# mkdir ~root/delme; chmod 700 ~root/delme;touch ~root/delme/1
# exit
$ suidperl ~root/delme/1
Script is not setuid/setgid in suidperl
$ suidperl ~root/delme/2
Can't open perl script "/root/delme/2": No such file ...
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=220486
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=203426
Affects: 2.1AS 2.1ES 2.1AW 2.1WS (5.6.1)
Affects: 3AS 3ES 3WS (5.8.0)
Debian released an errata for this issue in Feb 2004.
Discussion:
Actually this doesn't affect RHEL3 because the setuid perl package was
not shipped.
---
I did some verification
2004-12-06
Published