CVE-2003-0127

Description

The kernel module loader in Linux kernel 2.2.x before 2.2.25, and 2.4.x before 2.4.21, allows local users to gain root privileges by using ptrace to attach to a child process that is spawned by the kernel.

CVSS Metrics

• v2.0•HIGH•Score: 7.2AV:L/AC:L/Au:N/C:C/I:C/A:C

EPSS Trends

Current EPSS score: 0.95%• Percentile: 77%

Affected Systems

• linux•linux_kernel

  2.2.0 | 2.2.1 | 2.2.2 | 2.2.3 | 2.2.4 | 2.2.5 | 2.2.6 | 2.2.7 | 2.2.8 | 2.2.9 | 2.2.10 | 2.2.11 | 2.2.12 | 2.2.13 | 2.2.14 | 2.2.15 | 2.2.16 | 2.2.17 | 2.2.18 | 2.2.19 | 2.2.20 | 2.2.21 | 2.2.22 | 2.2.23 | 2.2.24 | 2.4.0 | 2.4.1 | 2.4.2 | 2.4.3 | 2.4.4 | 2.4.5 | 2.4.6 | 2.4.7 | 2.4.8 | 2.4.9 | 2.4.10 | 2.4.11 | 2.4.12 | 2.4.13 | 2.4.14 | 2.4.15 | 2.4.16 | 2.4.17 | 2.4.18 | 2.4.19 | 2.4.20 | 2.4.21:pre1

References (20)

• http://www.redhat.com/support/errata/RHSA-2003-103.html
• http://rhn.redhat.com/errata/RHSA-2003-088.html
• http://www.debian.org/security/2003/dsa-270
• http://www.debian.org/security/2004/dsa-423
• http://rhn.redhat.com/errata/RHSA-2003-098.html
• http://www.debian.org/security/2003/dsa-336
• ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-020.0.txt
• http://www.debian.org/security/2003/dsa-276
• http://marc.info/?l=bugtraq&m=105301461726555&w=2
• http://www.mandriva.com/security/advisories?name=MDKSA-2003:039
• http://www.debian.org/security/2004/dsa-495
• http://security.gentoo.org/glsa/glsa-200303-17.xml
• http://www.debian.org/security/2003/dsa-311
• http://www.debian.org/security/2003/dsa-332
• http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0134.html
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A254
• http://www.redhat.com/support/errata/RHSA-2003-145.html
• http://www.mandriva.com/security/advisories?name=MDKSA-2003:038
• http://www.debian.org/security/2003/dsa-312
• http://www.kb.cert.org/vuls/id/628849