JVNDB-2003-000149

lv Arbitrary Command Execution Vulnerability

Overview

lv contains a vulnerability in which it reads and runs a .lv file in the current directory.

CVSS Severity

CVSS V2 Severity:
Base Metrics 7.2 (High) [NVD Score]
  • Access Vector: Local
  • Access Complexity: Low
  • Authentication: None
  • Confidentiality Impact: Complete
  • Integrity Impact: Complete
  • Availability Impact: Complete
Affected Products


NARITA Tomio
  • lv 4.49.4 previous
Cybertrust Japan Co., Ltd.
  • Asianux Server 2.0
  • Asianux Server 2.1
Turbolinux, Inc.
  • Turbolinux Server 7
  • Turbolinux Server 8
  • Turbolinux Workstation 7
  • Turbolinux Workstation 8
Red Hat, Inc.
  • Red Hat Enterprise Linux 2.1 (as)
  • Red Hat Enterprise Linux 2.1 (es)
  • Red Hat Enterprise Linux 2.1 (ws)
  • Red Hat Linux 7.1
  • Red Hat Linux 7.2
  • Red Hat Linux 7.3
  • Red Hat Linux 8.0
  • Red Hat Linux 9
  • Red Hat Linux Advanced Workstation 2.1

Impact

An attacker could execute arbitrary commands as another user, with the privileges of the user running lv.
Solution

Please refer to the 'Vendor Information' section of this advisory for official remediation and take appropriate action.
Vendor Information

NARITA Tomio
Cybertrust Japan Co., Ltd.
  • MIRACLE LINUX Update Information : lv (V2.x) (Japanese)
Turbolinux, Inc.
Red Hat, Inc.
CWE

CVE

  1. CVE-2003-0188
References

  1. National Vulnerability Database (NVD) : CVE-2003-0188
  2. SecurityFocus : 7613
Revision History

  • [2008/05/21]
      Web page published