CVE-2003-0361

gPS before 1.1.0 does not properly follow the rgpsp connection source acceptation policy as specified in the rgpsp.conf file, which could allow unauthorized remote attackers to connect to rgpsp.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://gps.seul.org/changelog.html	Patch
http://www.debian.org/security/2003/dsa-307	Patch Vendor Advisory
http://gps.seul.org/changelog.html	Patch
http://www.debian.org/security/2003/dsa-307	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:debian:debian_linux:0.9.1::woody_gps_package:::::
	cpe:2.3:o:debian:debian_linux:0.9.2::woody_gps_package:::::
	cpe:2.3:o:debian:debian_linux:0.9.3::woody_gps_package:::::
	cpe:2.3:o:debian:debian_linux:0.9.4::woody_gps_package:::::

History

20 Nov 2024, 23:44

Type	Values Removed	Values Added
References	~~() http://gps.seul.org/changelog.html - Patch~~	() http://gps.seul.org/changelog.html - Patch
References	~~() http://www.debian.org/security/2003/dsa-307 - Patch, Vendor Advisory~~	() http://www.debian.org/security/2003/dsa-307 - Patch, Vendor Advisory

Information

Published : 2003-06-09 04:00

Updated : 2024-11-20 23:44

NVD link : CVE-2003-0361

Mitre link : CVE-2003-0361

CVE.ORG link : CVE-2003-0361

JSON object : View

Products Affected

debian

debian_linux

CWE

NVD-CWE-Other

{"id": "CVE-2003-0361", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2003-06-09T04:00:00.000", "references": [{"url": "http://gps.seul.org/changelog.html", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.debian.org/security/2003/dsa-307", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://gps.seul.org/changelog.html", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.debian.org/security/2003/dsa-307", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "gPS before 1.1.0 does not properly follow the rgpsp connection source acceptation policy as specified in the rgpsp.conf file, which could allow unauthorized remote attackers to connect to rgpsp."}, {"lang": "es", "value": "gPS anterior a 1.1.0 no sigue correctamente la pol\u00edtica rgpsp de aceptaci\u00f3n de fuente de conexi\u00f3n tal y como se especifica en el fichero rgpsp.conf, lo que podr\u00eda permitir a atacantes remotos no autorizados a conectarse a rgpsp"}], "lastModified": "2024-11-20T23:44:33.593", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:0.9.1:*:woody_gps_package:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DA406AE4-7F84-4DC7-8454-249B7F16BE00"}, {"criteria": "cpe:2.3:o:debian:debian_linux:0.9.2:*:woody_gps_package:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CE4E5A13-9D8D-47DA-BE8A-18F4C8F88F2C"}, {"criteria": "cpe:2.3:o:debian:debian_linux:0.9.3:*:woody_gps_package:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6A99BBA6-DFB9-4450-9C43-E612991C73EF"}, {"criteria": "cpe:2.3:o:debian:debian_linux:0.9.4:*:woody_gps_package:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "68B9AEF1-8D70-422E-8F9D-739BB3CBE1F3"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}