Executive Summary

Information
Name: CVE-2002-1476
Vendor: Cve
First vendor Publication: 2003-04-22
Last vendor Modification: 2008-09-05

Security-Database Scoring CVSS v3

CVSS vector: N/A
Overall CVSS Score: NA
Base Score: NA
Environmental Score: NA
Impact SubScore: NA
Temporal Score: NA
Exploitability SubScore: NA
 

Security-Database Scoring CVSS v2

CVSS vector: (AV:L/AC:L/Au:N/C:P/I:P/A:P)
CVSS Base Score: 4.6
Attack Range: Local
CVSS Impact Score: 6.4
Attack Complexity: Low
CVSS Exploit Score: 3.9
Authentication: None Required

Detail

Buffer overflow in setlocale in libc on NetBSD 1.4.x through 1.6, and possibly other operating systems, when called with the LC_ALL category, allows local attackers to execute arbitrary code via a user-controlled locale string that has more than 6 elements, which exceeds the boundaries of the new_categories category array, as exploitable through programs such as xterm and zsh.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1476

CPE : Common Platform Enumeration

Type Description Count
Os 6

Open Source Vulnerability Database (OSVDB)

Id Description
7565 NetBSD libc setlocale LC_ALL Category Privilege Escalation

A local overflow exists in setlocale in NetBSD's libc. setlocale fails to handle input correctly under the following conditions: 1) it is called with the LC_ALL category, 2) there are more than six slash-separated arguments in the second string, and 3) the second string is derived from user-supplied data. This can result in a buffer overflow. With a specially crafted request, an attacker can cause the execution of arbitrary code, resulting in a loss of confidentiality, integrity, and/or availability.

Sources (Detail)

Source Url
BID http://www.securityfocus.com/bid/5724
NETBSD ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-012.txt.asc
OSVDB http://www.osvdb.org/7565
XF http://www.iss.net/security_center/static/10159.php

Alert History

Date Information
2021-05-04 12:01:48
  • Multiple Updates
2021-04-22 01:01:56
  • Multiple Updates
2020-05-23 00:15:09
  • Multiple Updates
2016-06-28 15:00:41
  • Multiple Updates
2013-05-11 12:13:17
  • Multiple Updates