nvd-json-data-feeds/CVE-2003/CVE-2003-04xx/CVE-2003-0489.json

{
  "id": "CVE-2003-0489",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2003-08-07T04:00:00.000",
  "lastModified": "2008-09-05T20:34:26.707",
  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "tcptraceroute 1.4 and earlier does not fully drop privileges after obtaining a file descriptor for capturing packets, which may allow local users to gain access to the descriptor via a separate vulnerability in tcptraceroute."
    },
    {
      "lang": "es",
      "value": "tcptraceroute 1.4 y anteriores tiene un fallo al soltar los privilegios de root despu\u00e9s de obtener un descriptor de fichero para capturar paquetes, lo que puede permitir  que usuarios locales ganen acceso al descriptor mediante una vulnerabilidad seperar en tcptraceroute."
    }
  ],
  "metrics": {
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "accessVector": "LOCAL",
          "accessComplexity": "LOW",
          "authentication": "NONE",
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2
        },
        "baseSeverity": "HIGH",
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "acInsufInfo": false,
        "obtainAllPrivilege": true,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:michael_c._toren:tcptraceroute:*:*:*:*:*:*:*:*",
              "versionEndIncluding": "1.4",
              "matchCriteriaId": "37E147F9-897D-454C-9F73-F94DEE8246CE"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "http://www.debian.org/security/2003/dsa-330",
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ]
    }
  ]
}