Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2001-1036

Overview

Vulnerability Score 7.2 7.2
CVE Id CVE-2001-1036
Last Modified 05 Sep 2008 04:25:31
Published 31 Aug 2001 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2001-1036

Summary

GNU locate in findutils 4.1 on Slackware 7.1 and 8.0 allows local users to gain privileges via an old formatted filename database (locatedb) that contains an entry with an out-of-range offset, which causes locate to write to arbitrary process memory.

Vulnerable Systems

Operating System

  • Slackware Linux 7.1

  • Slackware Linux 8.0

Application

  • Gnu Findutils 4.0

  • Gnu Findutils 4.1


References

XF - locate-command-execution(6932)

BID - 3127

BUGTRAQ - 20010801 Slackware 8.0, 7.1 Vulnerability: /usr/bin/locate

OSVDB - 5477


Last Updated: 27 May 2016 10:36:30