Vulnerabilities > CVE-2001-1036
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
GNU locate in findutils 4.1 on Slackware 7.1 and 8.0 allows local users to gain privileges via an old formatted filename database (locatedb) that contains an entry with an out-of-range offset, which causes locate to write to arbitrary process memory.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 2 | |
| OS | 2 |
Exploit-Db
| description | GNU findutils 4.0/4.1 Locate Arbitrary Command Execution Vulnerability. CVE-2001-1036. Local exploit for linux platform |
| id | EDB-ID:21043 |
| last seen | 2016-02-02 |
| modified | 2001-08-01 |
| published | 2001-08-01 |
| reporter | Josh Smith |
| source | https://www.exploit-db.com/download/21043/ |
| title | GNU findutils 4.0/4.1 Locate Arbitrary Command Execution Vulnerability |
References
- http://www.osvdb.org/5477
- http://www.osvdb.org/5477
- http://www.securityfocus.com/archive/1/200991
- http://www.securityfocus.com/archive/1/200991
- http://www.securityfocus.com/bid/3127
- http://www.securityfocus.com/bid/3127
- https://exchange.xforce.ibmcloud.com/vulnerabilities/6932
- https://exchange.xforce.ibmcloud.com/vulnerabilities/6932