CVE-2003-0465 - The kernel strncpy function in Linux 2.4 and 2.5 does not %NUL pad the buffer on architectures other

CVE-2003-0465

Summary

The kernel strncpy function in Linux 2.4 and 2.5 does not %NUL pad the buffer on architectures other than x86, as opposed to the expected behavior of strncpy as implemented in libc, which could lead to information leaks.

References

Vulnerable Configurations

cpe:2.3:o:linux:linux_kernel:2.4.0:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.4.0:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.5.0:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.5.0:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 11-10-2017 - 01:29)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:N/A:N

oval via4

accepted

2013-04-29T04:04:18.694-04:00

class

vulnerability

contributors

name Aharon Chernin
organization SCAP.com, LLC
name Dragos Prisaca
organization G2, Inc.

definition_extensions

comment The operating system installed on the system is Red Hat Enterprise Linux 3
oval oval:org.mitre.oval:def:11782
comment CentOS Linux 3.x
oval oval:org.mitre.oval:def:16651

description

family

unix

oval:org.mitre.oval:def:10285

status

accepted

submitted

2010-07-09T03:56:16-04:00

title

version

redhat via4

advisories

rhsa

id	RHSA-2004:188

rpms

kernel-0:2.4.21-15.EL
kernel-BOOT-0:2.4.21-15.EL
kernel-debuginfo-0:2.4.21-15.EL
kernel-doc-0:2.4.21-15.EL
kernel-hugemem-0:2.4.21-15.EL
kernel-hugemem-unsupported-0:2.4.21-15.EL
kernel-smp-0:2.4.21-15.EL
kernel-smp-unsupported-0:2.4.21-15.EL
kernel-source-0:2.4.21-15.EL
kernel-unsupported-0:2.4.21-15.EL

refmap via4

confirm

Last major update

11-10-2017 - 01:29

Published

18-08-2003 - 04:00

Last modified

11-10-2017 - 01:29