Vulnerability Description
The d_path function in Linux kernel 2.2.20 and earlier, and 2.4.18 and earlier, truncates long pathnames without generating an error, which could allow local users to force programs to perform inappropriate operations on the wrong directories.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | 2.2.0 |
References
- http://archives.neohapsis.com/archives/vulnwatch/2002-q1/0074.html
- http://www.cs.helsinki.fi/linux/linux-kernel/2002-13/0054.html
- http://www.iss.net/security_center/static/8634.phpVendor Advisory
- http://www.securityfocus.com/archive/1/264117Vendor Advisory
- http://www.securityfocus.com/bid/4367ExploitVendor Advisory
- http://archives.neohapsis.com/archives/vulnwatch/2002-q1/0074.html
- http://www.cs.helsinki.fi/linux/linux-kernel/2002-13/0054.html
- http://www.iss.net/security_center/static/8634.phpVendor Advisory
- http://www.securityfocus.com/archive/1/264117Vendor Advisory
- http://www.securityfocus.com/bid/4367ExploitVendor Advisory
FAQ
What is CVE-2002-0499?
CVE-2002-0499 is a vulnerability with a CVSS score of 2.1 (LOW). The d_path function in Linux kernel 2.2.20 and earlier, and 2.4.18 and earlier, truncates long pathnames without generating an error, which could allow local users to force programs to perform inappro...
How severe is CVE-2002-0499?
CVE-2002-0499 has been rated LOW with a CVSS base score of 2.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2002-0499?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel.