Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 4.6
CVE Id: CVE-2003-0620
Last Modified: 10 Sep 2008 03:19:52
Published: 27 Aug 2003 12:00:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE

CVE-2003-0620

Summary

Multiple buffer overflows in man-db 2.4.1 and earlier, when installed setuid, allow local users to gain privileges via (1) MANDATORY_MANPATH, MANPATH_MAP, and MANDB_MAP arguments to add_to_dirlist in manp.c, (2) a long pathname to ult_src in ult_src.c, (3) a long .so argument to test_for_include in ult_src.c, (4) a long MANPATH environment variable, or (5) a long PATH environment variable.

Vulnerable Systems

Application

  • Andries Brouwer Man 2.3.18

  • Andries Brouwer Man 2.3.19

  • Andries Brouwer Man 2.3.20

  • Andries Brouwer Man 2.4

  • Andries Brouwer Man 2.4.1


References

DEBIAN - DSA-364

BUGTRAQ - 20030730 Re: man-db[] multiple(4) vulnerabilities.

BUGTRAQ - 20030729 man-db[] multiple(4) vulnerabilities.


Last Updated: 27 May 2016 10:37:59