Vulnerability Description
The get_parameter_from_freqency_source function in beep2 1.0, 1.1 and 1.2, when installed setuid root, allows local users to read arbitrary files via unknown attack vectors.
CVSS Score
2.1
LOW
AV:L/AC:L/Au:N/C:P/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Yamaguchi | Shingo Beep2 | 1.0 |
References
- http://www.kip.iis.toyama-u.ac.jp/~shingo/beep/package/src/beep2-1.2a.tar.gzPatch
- http://www.securityfocus.com/bid/3859Patch
- http://www.kip.iis.toyama-u.ac.jp/~shingo/beep/package/src/beep2-1.2a.tar.gzPatch
- http://www.securityfocus.com/bid/3859Patch
FAQ
What is CVE-2002-2023?
CVE-2002-2023 is a vulnerability with a CVSS score of 2.1 (LOW). The get_parameter_from_freqency_source function in beep2 1.0, 1.1 and 1.2, when installed setuid root, allows local users to read arbitrary files via unknown attack vectors.
How severe is CVE-2002-2023?
CVE-2002-2023 has been rated LOW with a CVSS base score of 2.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2002-2023?
Check the references section above for vendor advisories and patch information. Affected products include: Yamaguchi Shingo Beep2.