Vulnerabilities > CVE-2001-1036

CVSS 7.2 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

local

low complexity

gnu

slackware

exploit available

NVD

Published: 2001-08-31

Updated: 2017-10-10

Summary

GNU locate in findutils 4.1 on Slackware 7.1 and 8.0 allows local users to gain privileges via an old formatted filename database (locatedb) that contains an entry with an out-of-range offset, which causes locate to write to arbitrary process memory.

Vulnerable Configurations

Part	Description	Count
Application	Gnu GNU Findutils 4.0 GNU Findutils 4.1	2
OS	Slackware Slackware Slackware Linux 7.1 Slackware Slackware Linux 8.0	2

Exploit-Db

description	GNU findutils 4.0/4.1 Locate Arbitrary Command Execution Vulnerability. CVE-2001-1036. Local exploit for linux platform
id	EDB-ID:21043
last seen	2016-02-02
modified	2001-08-01
published	2001-08-01
reporter	Josh Smith
source	https://www.exploit-db.com/download/21043/
title	GNU findutils 4.0/4.1 Locate Arbitrary Command Execution Vulnerability

Vulnerabilities > CVE-2001-1036 {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"CVE-2001-1036"}]}

Summary

Vulnerable Configurations

Exploit-Db

References

Vulnerabilities > CVE-2001-1036