CVE-2003-0056

Current Description

Buffer overflow in secure locate (slocate) before 2.7 allows local users to execute arbitrary code via a long (1) -c or (2) -r command line argument.

Basic Data

Published: February 19, 2003
Last Modified: October 11, 2017
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: NVD-CWE-Other
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSS 2 - Access Vector: LOCAL
CVSS 2 - Access Complexity: LOW
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: COMPLETE
CVSS 2 - Availability Impact: COMPLETE
CVSS 2 - Base Score: 7.2
Severity: HIGH
Exploitability Score: 3.9
Impact Score: 10.0
Obtain All Privilege: true
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding
    2.3 | Application | Slocate | Slocate | 2.5 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Slocate | Slocate | 2.6 | * | * | * | * | * | * | * | | | |

Vulnerable Software List

Vendor | Product | Versions
Slocate | Slocate | 2.5, 2.6

References

Name | URL | Source | Tags
CSSA-2003-009.0 | ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-009.0.txt | CALDERA |
20040202-01-U | ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc | SGI |
20030124 [USG- SA- 2003.001] USG Security Advisory (slocate) | http://marc.info/?l=bugtraq&m=104342864418213&w=2 | BUGTRAQ |
20030125 Re: [USG- SA- 2003.001] USG Security Advisory (slocate) | http://marc.info/?l=bugtraq&m=104348607205691&w=2 | BUGTRAQ |
20030202 GLSA: slocate | http://marc.info/?l=bugtraq&m=104428624705363&w=2 | BUGTRAQ |
RHSA-2004:041 | http://rhn.redhat.com/errata/RHSA-2004-041.html | REDHAT |
10720 | http://secunia.com/advisories/10720 | SECUNIA |
7947 | http://secunia.com/advisories/7947 | SECUNIA |
7982 | http://secunia.com/advisories/7982 | SECUNIA |
8007 | http://secunia.com/advisories/8007 | SECUNIA |
8118 | http://secunia.com/advisories/8118/ | SECUNIA |
8236 | http://secunia.com/advisories/8236 | SECUNIA |
8749 | http://secunia.com/advisories/8749 | SECUNIA |
DSA-252 | http://www.debian.org/security/2003/dsa-252 | DEBIAN | Patch, Vendor Advisory
MDKSA-2003:015 | http://www.mandriva.com/security/advisories?name=MDKSA-2003:015 | MANDRAKE |
CLA-2003:643 | http://www.net-security.org/advisory.php?id=2010 | CONECTIVA |
http://www.usg.org.uk/advisories/2003.001.txt | http://www.usg.org.uk/advisories/2003.001.txt | MISC | Vendor Advisory
oval:org.mitre.oval:def:11369 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11369 | OVAL |