CVE-2003-0620

2003-08-2704:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve

2003

0620

buffer overflows

man-db

local users

privileges

security vulnerability

nvd

6.9 Medium

AI Score

Confidence

Low

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

0.4%

JSON

Multiple buffer overflows in man-db 2.4.1 and earlier, when installed setuid, allow local users to gain privileges via (1) MANDATORY_MANPATH, MANPATH_MAP, and MANDB_MAP arguments to add_to_dirlist in manp.c, (2) a long pathname to ult_src in ult_src.c, (3) a long .so argument to test_for_include in ult_src.c, (4) a long MANPATH environment variable, or (5) a long PATH environment variable.

CPENameOperatorVersion
andries_brouwer:manandries brouwer maneq2.3.20
andries_brouwer:manandries brouwer maneq2.4.1
andries_brouwer:manandries brouwer maneq2.3.19
andries_brouwer:manandries brouwer maneq2.3.18
andries_brouwer:manandries brouwer maneq2.4

CPE	Name	Operator	Version
andries_brouwer:man	andries brouwer man	eq	2.3.20
andries_brouwer:man	andries brouwer man	eq	2.4.1
andries_brouwer:man	andries brouwer man	eq	2.3.19
andries_brouwer:man	andries brouwer man	eq	2.3.18
andries_brouwer:man	andries brouwer man	eq	2.4