JVNDB-2003-000149

[Japanese]
JVNDB-2003-000149
lv Arbitrary Command Execution Vulnerability
Overview
lv contains a vulnerability of reading and running a .lv file in the current directry.
CVSS Severity (What is CVSS?)
CVSS V2 Severity: Base Metrics 7.2 (High) [NVD Score] Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete
Affected Products

NARITA Tomio lv 4.49.4 previous Cybertrust Japan Co., Ltd. Asianux Server 2.0 Asianux Server 2.1 Turbolinux, Inc. Turbolinux Server 7 Turbolinux Server 8 Turbolinux Workstation 7 Turbolinux Workstation 8 Red Hat, Inc. Red Hat Enterprise Linux 2.1 (as) Red Hat Enterprise Linux 2.1 (es) Red Hat Enterprise Linux 2.1 (ws) Red Hat Linux 7.1 Red Hat Linux 7.2 Red Hat Linux 7.3 Red Hat Linux 8.0 Red Hat Linux 9 Red Hat Linux Advanced Workstation 2.1

Impact
An attacker could execute arbitrary command as other users with the privilege of the user running lv.
Solution
Please refer to the 'Vendor Information' section of this advisory for official remediation and take appropriate action.
Vendor Information
NARITA Tomio LV Homepage : Top Page LV Release Note : ver 4.49.5 Cybertrust Japan Co., Ltd. MIRACLE LINUX Update Information : lv (V2.x) (Japanese) Turbolinux, Inc. Turbolinux Security Advisory : TLSA-2003-35 Red Hat, Inc. Red Hat Security Advisory : RHSA-2003:169 Red Hat Security Advisory : RHSA-2003:167
CWE (What is CWE?)

CVE (What is CVE?)
CVE-2003-0188
References
National Vulnerability Database (NVD) : CVE-2003-0188 SecurityFocus : 7613
Revision History
[2008/05/21] Web page published


Date Public	2003/05/16
Date First Published	2008/05/21
Date Last Updated	2008/05/21

lv Arbitrary Command Execution Vulnerability