Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2003-0645

Overview

Vulnerability Score 4.6 4.6
CVE Id CVE-2003-0645
Last Modified 23 Oct 2008 12:28:25
Published 27 Aug 2003 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2003-0645

Summary

man-db 2.3.12 and 2.3.18 to 2.4.1 uses certain user-controlled DEFINE directives from the ~/.manpath file, even when running setuid, which could allow local users to gain privileges.

Vulnerable Systems

Application

  • Andries Brouwer Man 2.3.20

  • Andries Brouwer Man 2.4.1


References

DEBIAN - DSA-364

XF - mandb-opencatstream-gain-privileges(12848)

BID - 8352

BUGTRAQ - 20030806 man-db[v2.4.1-]: open_cat_stream() privileged call exploit.


Last Updated: 27 May 2016 10:38:00