Lucene search
HistoryAug 27, 2003 - 4:00 a.m.
CVE-2003-0645
cve-2003-0645
man-db
privilege escalation
local exploit
nvd
6.7 Medium
AI Score
Confidence
Low
4.6 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
0.0004 Low
EPSS
Percentile
0.4%
man-db 2.3.12 and 2.3.18 to 2.4.1 uses certain user-controlled DEFINE directives from the ~/.manpath file, even when running setuid, which could allow local users to gain privileges.
| CPE | Name | Operator | Version |
|---|---|---|---|
| andries_brouwer:man | andries brouwer man | eq | 2.3.20 |
| andries_brouwer:man | andries brouwer man | eq | 2.4.1 |
Related
debiancve
debiancve
CVE-2003-0645
2003-08-27 04:00:00
debian
debian
nessus
nessus
Debian DSA-364-3 : man-db - buffer overflows, arbitrary command execution
2004-09-29 00:00:00
openvas
openvas
Debian Security Advisory DSA 364-1 (man-db)
2008-01-17 00:00:00
Debian: Security Advisory (DSA-364)
2008-01-17 00:00:00
osv
osv
man-db - buffer overflows, arbitrary command execution
2003-08-04 00:00:00
6.7 Medium
AI Score
Confidence
Low
4.6 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
0.0004 Low
EPSS
Percentile
0.4%
Related for CVE-2003-0645