CVE List 2003

Product
Score
Severity
Status
CVE
               
CVE Score Severity Package Description Published
CVE-2003-1604
7.8 MV Product/Version
affected:
CGE 7.0 Resolved
CGX 2.0 Resolved
CGX 1.8 Resolved
CGX 2.2 Resolved
kernel The redirect_target function in net/ipv4/netfilter/ipt_REDIRECT.c in the Linux kernel before 2.6.0 allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by sending packets to an interface that has a 0.0.0.0 IP address, a related issue to CVE-2015-8787. May 2, 2016, 05:05 am
CVE-2003-1327
9.3 MV Product/Version
affected:
High wu-ftpd Buffer overflow in the SockPrintf function in wu-ftpd 2.6.2 and earlier, when compiled with MAIL_ADMIN option enabled on a system that supports very long pathnames, might allow remote anonymous users to execute arbitrary code by uploading a file with a long pathname, which triggers the overflow when wu-ftpd constructs a notification message to the administrator. December 30, 2003, 23:12 pm
CVE-2003-0854
2.1 MV Product/Version
affected:
Low fileutils ls in the fileutils or coreutils packages allows local users to consume a large amount of memory via a large -w value, which can be remotely exploited via applications that use ls, such as wu-ftpd. November 16, 2003, 23:11 pm
CVE-2003-0545
10.0 MV Product/Version
affected:
CGE 7.0 Resolved
High openssl Double free vulnerability in OpenSSL 0.9.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an SSL client certificate with a certain invalid ASN.1 encoding. November 16, 2003, 23:11 pm
CVE-2003-0544
5.0 MV Product/Version
affected:
CGE 7.0 Resolved
Medium openssl OpenSSL 0.9.6 and 0.9.7 does not properly track the number of characters in certain ASN.1 inputs, which allows remote attackers to cause a denial of service (crash) via an SSL client certificate that causes OpenSSL to read past the end of a buffer when the long form is used. November 16, 2003, 23:11 pm
CVE-2003-0543
5.0 MV Product/Version
affected:
Professional PRO 3.1 Resolved
CGE 3.1 Resolved
CGE 7.0 Resolved
CGE 2.1 Resolved
CGE 3.0 Resolved
Professional PRO 2.1 Resolved
Medium openssl Integer overflow in OpenSSL 0.9.6 and 0.9.7 allows remote attackers to cause a denial of service (crash) via an SSL client certificate with certain ASN.1 tag values. November 16, 2003, 23:11 pm
CVE-2003-0388
4.6 MV Product/Version
affected:
Medium kernel pam_wheel in Linux-PAM 0.78, with the trust option enabled and the use_uid option disabled, allows local users to spoof log entries and gain privileges by causing getlogin() to return a spoofed user name. July 23, 2003, 23:07 pm
CVE-2003-0147
5.0 MV Product/Version
affected:
CGE 7.0 Resolved
Professional PRO 2.1 Resolved
CGE 3.0 Resolved
CGE 2.1 Resolved
Medium openpkg OpenSSL does not use RSA blinding by default, which allows local and remote attackers to obtain the servers private key by determining factors using timing differences on (1) the number of extra reductions during Montgomery reduction, and (2) the use of different integer multiplication algorithms (Karatsuba and normal). March 30, 2003, 23:03 pm
CVE-2003-0131
7.5 MV Product/Version
affected:
CGE 7.0 Resolved
CGE 2.1 Resolved
CGE 3.0 Resolved
Professional PRO 2.1 Resolved
High openssl The SSL and TLS components for OpenSSL 0.9.6i and earlier, 0.9.7, and 0.9.7a allow remote attackers to perform an unauthorized RSA private key operation via a modified Bleichenbacher attack that uses a large number of SSL or TLS connections using PKCS #1 v1.5 padding that cause OpenSSL to leak information regarding the relationship between ciphertext and the associated plaintext, aka the Klima-Pokorny-Rosa attack. March 23, 2003, 23:03 pm
CVE-2003-0078
5.0 MV Product/Version
affected:
CGE 7.0 Resolved
Medium openssl ssl3_get_record in s3_pkt.c for OpenSSL before 0.9.7a and 0.9.6 before 0.9.6i does not perform a MAC computation if an incorrect block cipher padding is used, which causes an information leak (timing discrepancy) that may make it easier to launch cryptographic attacks that rely on distinguishing between padding and MAC verification errors, possibly leading to extraction of the original plaintext, aka the Vaudenay timing attack. March 2, 2003, 23:03 pm
CVE-2003-0028
7.5 MV Product/Version
affected:
High glibc Integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external data representation) libraries derived from SunRPC, including libnsl, libc, glibc, and dietlibc, allows remote attackers to execute arbitrary code via certain integer values in length fields, a different vulnerability than CVE-2002-0391. March 24, 2003, 23:03 pm