Vulnerabilities > CVE-2003-0620 - Unspecified vulnerability in Andries Brouwer MAN
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Multiple buffer overflows in man-db 2.4.1 and earlier, when installed setuid, allow local users to gain privileges via (1) MANDATORY_MANPATH, MANPATH_MAP, and MANDB_MAP arguments to add_to_dirlist in manp.c, (2) a long pathname to ult_src in ult_src.c, (3) a long .so argument to test_for_include in ult_src.c, (4) a long MANPATH environment variable, or (5) a long PATH environment variable.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 5 |
Exploit-Db
| description | ManDB Utility 2.3/2.4 Local Buffer Overflow Vulnerabilities. CVE-2003-0620. Local exploit for linux platform |
| id | EDB-ID:22971 |
| last seen | 2016-02-02 |
| modified | 2003-07-29 |
| published | 2003-07-29 |
| reporter | V9 |
| source | https://www.exploit-db.com/download/22971/ |
| title | ManDB Utility 2.3/2.4 - Local Buffer Overflow Vulnerabilities |
Nessus
| NASL family | Debian Local Security Checks |
| NASL id | DEBIAN_DSA-364.NASL |
| description | man-db provides the standard man(1) command on Debian systems. During configuration of this package, the administrator is asked whether man(1) should run setuid to a dedicated user ( |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 15201 |
| published | 2004-09-29 |
| reporter | This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/15201 |
| title | Debian DSA-364-3 : man-db - buffer overflows, arbitrary command execution |