{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2003-03-11T00:00:00", "descriptions": [{"lang": "en", "value": "man before 1.5l allows attackers to execute arbitrary code via a malformed man file with improper quotes, which causes the my_xsprintf function to return a string with the value \"unsafe,\" which is then executed as a program via a system call if it is in the search path of the user who runs man."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2004-08-11T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20030311 Vulnerability in man < 1.5l", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://marc.info/?l=bugtraq&m=104740927915154&w=2"}, {"name": "man-myxsprintf-code-execution(11512)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11512"}, {"name": "CLSA-2003:620", "tags": ["vendor-advisory", "x_refsource_CONECTIVA"], "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000620"}, {"name": "7066", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/7066"}, {"name": "RHSA-2003:134", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2003-134.html"}, {"name": "GLSA-200303-13", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://marc.info/?l=bugtraq&m=104802285112752&w=2"}, {"name": "RHSA-2003:133", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2003-133.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2003-0124", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "man before 1.5l allows attackers to execute arbitrary code via a malformed man file with improper quotes, which causes the my_xsprintf function to return a string with the value \"unsafe,\" which is then executed as a program via a system call if it is in the search path of the user who runs man."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20030311 Vulnerability in man < 1.5l", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq&m=104740927915154&w=2"}, {"name": "man-myxsprintf-code-execution(11512)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11512"}, {"name": "CLSA-2003:620", "refsource": "CONECTIVA", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000620"}, {"name": "7066", "refsource": "BID", "url": "http://www.securityfocus.com/bid/7066"}, {"name": "RHSA-2003:134", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2003-134.html"}, {"name": "GLSA-200303-13", "refsource": "GENTOO", "url": "http://marc.info/?l=bugtraq&m=104802285112752&w=2"}, {"name": "RHSA-2003:133", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2003-133.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-08T01:43:35.900Z"}, "title": "CVE Program Container", "references": [{"name": "20030311 Vulnerability in man < 1.5l", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=104740927915154&w=2"}, {"name": "man-myxsprintf-code-execution(11512)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11512"}, {"name": "CLSA-2003:620", "tags": ["vendor-advisory", "x_refsource_CONECTIVA", "x_transferred"], "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000620"}, {"name": "7066", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/7066"}, {"name": "RHSA-2003:134", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2003-134.html"}, {"name": "GLSA-200303-13", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=104802285112752&w=2"}, {"name": "RHSA-2003:133", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2003-133.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2003-0124", "datePublished": "2004-09-01T04:00:00", "dateReserved": "2003-03-12T00:00:00", "dateUpdated": "2024-08-08T01:43:35.900Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:andries_brouwer:man:1.5h1:*:*:*:*:*:*:*", "matchCriteriaId": "C6255D5B-2C0B-491F-B5E0-77D1F0E5C0DB", "vulnerable": true}, {"criteria": "cpe:2.3:a:andries_brouwer:man:1.5i:*:*:*:*:*:*:*", "matchCriteriaId": "1BA4BFF6-A90C-43FE-AE11-7494A588EBB0", "vulnerable": true}, {"criteria": "cpe:2.3:a:andries_brouwer:man:1.5i2:*:*:*:*:*:*:*", "matchCriteriaId": "F6A56F3E-EA10-464B-ACD3-92B89471CA68", "vulnerable": true}, {"criteria": "cpe:2.3:a:andries_brouwer:man:1.5j:*:*:*:*:*:*:*", "matchCriteriaId": "8390CF3E-84F0-4D79-9DF9-7A7F19DDFC2E", "vulnerable": true}, {"criteria": "cpe:2.3:a:andries_brouwer:man:1.5k:*:*:*:*:*:*:*", "matchCriteriaId": "DCD60C2A-A24C-40F1-8949-482B6A294DA7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "man before 1.5l allows attackers to execute arbitrary code via a malformed man file with improper quotes, which causes the my_xsprintf function to return a string with the value \"unsafe,\" which is then executed as a program via a system call if it is in the search path of the user who runs man."}, {"lang": "es", "value": "man anterior a 1.51 permite a atacantes ejecutar c\u00f3digo de su elecci\u00f3n mediante un fichero man con comillas mal colocadas, lo que causa que la funci\u00f3n my_xsprintf devuelva una cadena con el valor \"unsafe\", que es entonces ejecutado como un programa mediante una llamada al sistema si se encuentra en la ruta de b\u00fasqueda del usuario que ejecuta man."}], "id": "CVE-2003-0124", "lastModified": "2025-04-03T01:03:51.193", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2003-03-18T05:00:00.000", "references": [{"source": "cve@mitre.org", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000620"}, {"source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq&m=104740927915154&w=2"}, {"source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq&m=104802285112752&w=2"}, {"source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2003-133.html"}, {"source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2003-134.html"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Patch", "Vendor Advisory"], "url": "http://www.securityfocus.com/bid/7066"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11512"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000620"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq&m=104740927915154&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq&m=104802285112752&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2003-133.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2003-134.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch", "Vendor Advisory"], "url": "http://www.securityfocus.com/bid/7066"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11512"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2003:134", "cpe": "cpe:/o:redhat:enterprise_linux:2.1", "product_name": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1", "release_date": "2003-04-28T00:00:00Z"}, {"advisory": "RHSA-2003:134", "cpe": "cpe:/o:redhat:enterprise_linux:2.1", "product_name": "Red Hat Enterprise Linux ES version 2.1", "release_date": "2003-04-28T00:00:00Z"}, {"advisory": "RHSA-2003:134", "cpe": "cpe:/o:redhat:enterprise_linux:2.1", "product_name": "Red Hat Enterprise Linux WS version 2.1", "release_date": "2003-04-28T00:00:00Z"}, {"advisory": "RHSA-2003:133", "cpe": "cpe:/o:redhat:linux:7.1", "product_name": "Red Hat Linux 7.1", "release_date": "2003-05-01T00:00:00Z"}, {"advisory": "RHSA-2003:133", "cpe": "cpe:/o:redhat:linux:7.2", "product_name": "Red Hat Linux 7.2", "release_date": "2003-05-01T00:00:00Z"}, {"advisory": "RHSA-2003:133", "cpe": "cpe:/o:redhat:linux:7.3", "product_name": "Red Hat Linux 7.3", "release_date": "2003-05-01T00:00:00Z"}, {"advisory": "RHSA-2003:133", "cpe": "cpe:/o:redhat:linux:8.0", "product_name": "Red Hat Linux 8.0", "release_date": "2003-05-01T00:00:00Z"}, {"advisory": "RHSA-2003:134", "cpe": "cpe:/o:redhat:enterprise_linux:2.1", "product_name": "Red Hat Linux Advanced Workstation 2.1", "release_date": "2003-04-28T00:00:00Z"}], "bugzilla": {"description": "security flaw", "id": "1616969", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616969"}, "csaw": false, "details": ["man before 1.5l allows attackers to execute arbitrary code via a malformed man file with improper quotes, which causes the my_xsprintf function to return a string with the value \"unsafe,\" which is then executed as a program via a system call if it is in the search path of the user who runs man."], "name": "CVE-2003-0124", "public_date": "2003-03-11T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2003-0124\nhttps://nvd.nist.gov/vuln/detail/CVE-2003-0124"], "threat_severity": "Low"}