Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2003-0848

Overview

Vulnerability Score 4.6 4.6
CVE Id CVE-2003-0848
Last Modified 21 Aug 2010 12:16:51
Published 17 Nov 2003 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2003-0848

Summary

Heap-based buffer overflow in main.c of slocate 2.6, and possibly other versions, may allow local users to gain privileges via a modified slocate database that causes a negative "pathlen" value to be used.

Vulnerable Systems

Application

  • Slocate 2.1

  • Slocate 2.2

  • Slocate 2.3

  • Slocate 2.4

  • Slocate 2.5

  • Slocate 2.6


References

DEBIAN - DSA-428

TRUSTIX - 2004-0005

REDHAT - RHSA-2004:041

MISC - http://www.ebitech.sk/patrik/SA/SA-20031006.txt

MISC - http://www.ebitech.sk/patrik/SA/SA-20031006-A.txt

BUGTRAQ - 20031011 SA-20031006 slocate buffer overflow - exploitation proof

BUGTRAQ - 20031006 SA-20031006 slocate vulnerability

SGI - 20040201-01-U

SCO - CSSA-2004-001.0

FEDORA - FEDORA-2004-059

MANDRAKE - MDKSA-2004:004

SECUNIA - 9962

SECUNIA - 10722

SECUNIA - 10720

SECUNIA - 10702

SECUNIA - 10698

SECUNIA - 10686

SECUNIA - 10683

SECUNIA - 10670

REDHAT - RHSA-2004:040

SGI - 20040202-01-U


Last Updated: 27 May 2016 10:38:05