Vulnerabilities > CVE-2003-0034 - Buffer Overflow vulnerability in Jean-Jacques Sarton Mtink 0.9.32/0.9.33/0.9.52
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Buffer overflow in the mtink status monitor, as included in the printer-drivers package in Mandrake Linux, allows local users to execute arbitrary code via a long HOME environment variable.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 3 |
Exploit-Db
| description | MTink 0.9.x Printer Status Monitor Environment Variable Buffer Overflow Vulnerability. CVE-2003-0034. Local exploit for linux platform |
| id | EDB-ID:22189 |
| last seen | 2016-02-02 |
| modified | 2003-01-21 |
| published | 2003-01-21 |
| reporter | Karol Wiesek |
| source | https://www.exploit-db.com/download/22189/ |
| title | MTink 0.9.x Printer Status Monitor Environment Variable Buffer Overflow Vulnerability |
Nessus
| NASL family | Mandriva Local Security Checks |
| NASL id | MANDRAKE_MDKSA-2003-010.NASL |
| description | Karol Wiesek and iDefense disovered three vulnerabilities in the printer-drivers package and tools it installs. These vulnerabilities allow a local attacker to empty or create any file on the filesystem. The first vulnerability is in the mtink binary, which has a buffer overflow in its handling of the HOME environment variable. The second vulnerability is in the escputil binary, which has a buffer overflow in the parsing of the --printer-name command line argument. This is only possible when esputil is suid or sgid; in Mandrake Linux 9.0 it was sgid |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 13995 |
| published | 2004-07-31 |
| reporter | This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/13995 |
| title | Mandrake Linux Security Advisory : printer-drivers (MDKSA-2003:010) |