[Japanese]

JVNDB-2003-000149

lv Arbitrary Command Execution Vulnerability

Overview

lv contains a vulnerability of reading and running a .lv file in the current directry.
CVSS Severity (What is CVSS?)

CVSS V2 Severity:
Base Metrics 7.2 (High) [NVD Score]
  • Access Vector: Local
  • Access Complexity: Low
  • Authentication: None
  • Confidentiality Impact: Complete
  • Integrity Impact: Complete
  • Availability Impact: Complete
Affected Products


NARITA Tomio
  • lv 4.49.4 previous
Turbolinux, Inc.
  • Turbolinux Server 7
  • Turbolinux Server 8
  • Turbolinux Workstation 7
  • Turbolinux Workstation 8
MIRACLE LINUX CORPORATION
  • Asianux Server 2.0
  • Asianux Server 2.1
Red Hat, Inc.
  • Red Hat Enterprise Linux 2.1 (as)
  • Red Hat Enterprise Linux 2.1 (es)
  • Red Hat Enterprise Linux 2.1 (ws)
  • Red Hat Linux 7.1
  • Red Hat Linux 7.2
  • Red Hat Linux 7.3
  • Red Hat Linux 8.0
  • Red Hat Linux 9
  • Red Hat Linux Advanced Workstation 2.1

Impact

An attacker could execute arbitrary command as other users with the privilege of the user running lv.
Solution

Please refer to the 'Vendor Information' section of this advisory for official remediation and take appropriate action.
Vendor Information

NARITA Tomio Turbolinux, Inc. MIRACLE LINUX CORPORATION
  • MIRACLE LINUX Update Information : lv (V2.x) (Japanese)
Red Hat, Inc.
CWE (What is CWE?)

CVE (What is CVE?)

  1. CVE-2003-0188
References

  1. National Vulnerability Database (NVD) : CVE-2003-0188
  2. SecurityFocus : 7613
Revision History

  • [2008/05/21]
      Web page published

Date Public2003/05/16
Date First Published2008/05/21
Date Last Updated2008/05/21