CVE-2003-0127
PUBLISHED
CVSS 7.2 HIGH
The kernel module loader in Linux kernel 2.2.x before 2.2.25, and 2.4.x before 2.4.21, allows local users to gain root privileges by using ptrace to attach to a child process that is spawned by the kernel.
EPSS 0.95% · 76.8th percentile
Risk Scores
- CVSS 2.0: 7.2
- EPSS Score: 0.95% (76.8th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a, * |
| linux | linux_kernel | 2.2.0, 2.2.1, 2.2.2 |
Exploit Intelligence
- Secured root-level access by identifying and exploiting misconfigurations and outdated software. Buffer overflow vulnerability in an outdated version of mod_ssl (CVE-2002-0082). Privilege escalation was subsequently achieved by exploiting a race condition in the Linux kernel's "ptrace" utility (CVE-2003-0127), (github-poc)
- CSSA-2003-020.0 (circl)
- oval:org.mitre.oval:def:254 (circl)
- RHSA-2003:103 (circl)
- DSA-276 (circl)
- ESA-20030515-017 (circl)
…and 19 more exploits
Timeline
- Mar 18, 2003 CVE Published
- Jun 20, 2017 VulnCheck KEV Exploitation
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 3, 2022 CVE Updated
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 3, 2023 EPSS Score
References
- http://www.debian.org/security/2004/dsa-423 technical
- RHSA-2003:103 vendor-advisory
- RHSA-2003:088 vendor-advisory
- DSA-270 vendor-advisory
- RHSA-2003:098 vendor-advisory
- DSA-336 vendor-advisory
- CSSA-2003-020.0 vendor-advisory
- DSA-276 vendor-advisory
- ESA-20030515-017 vendor-advisory
- MDKSA-2003:039 vendor-advisory
- DSA-495 vendor-advisory
- GLSA-200303-17 vendor-advisory
- DSA-311 vendor-advisory
- DSA-332 vendor-advisory
- 20030317 Fwd: Ptrace hole / Linux 2.2.25 mailing-list
- oval:org.mitre.oval:def:254 vdb
- RHSA-2003:145 vendor-advisory
- MDKSA-2003:038 vendor-advisory
- DSA-312 vendor-advisory
- VU#628849 third-party-advisory
…and 1 more