Vulnerability Description
The kernel strncpy function in Linux 2.4 and 2.5 does not %NUL pad the buffer on architectures other than x86, as opposed to the expected behavior of strncpy as implemented in libc, which could lead to information leaks.
CVSS Score
5.0
MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | 2.4.0 |
References
- http://marc.info/?l=linux-kernel&m=105796021120436&w=2
- http://marc.info/?l=linux-kernel&m=105796415223490&w=2
- http://www.redhat.com/support/errata/RHSA-2004-188.htmlPatchVendor Advisory
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- http://marc.info/?l=linux-kernel&m=105796021120436&w=2
- http://marc.info/?l=linux-kernel&m=105796415223490&w=2
- http://www.redhat.com/support/errata/RHSA-2004-188.htmlPatchVendor Advisory
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
FAQ
What is CVE-2003-0465?
CVE-2003-0465 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The kernel strncpy function in Linux 2.4 and 2.5 does not %NUL pad the buffer on architectures other than x86, as opposed to the expected behavior of strncpy as implemented in libc, which could lead t...
How severe is CVE-2003-0465?
CVE-2003-0465 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2003-0465?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel.