CVE-2003-0620 - Unspecified vulnerability in Andries Brouwer MAN
Attack vector | LOCAL |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | PARTIAL |
Integrity impact | PARTIAL |
Availability impact | PARTIAL |
Summary
Multiple buffer overflows in man-db 2.4.1 and earlier, when installed setuid, allow local users to gain privileges via (1) MANDATORY_MANPATH, MANPATH_MAP, and MANDB_MAP arguments to add_to_dirlist in manp.c, (2) a long pathname to ult_src in ult_src.c, (3) a long .so argument to test_for_include in ult_src.c, (4) a long MANPATH environment variable, or (5) a long PATH environment variable.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 5 |
Exploit-Db
description | ManDB Utility 2.3/2.4 Local Buffer Overflow Vulnerabilities. CVE-2003-0620. Local exploit for linux platform |
id | EDB-ID:22971 |
last seen | 2016-02-02 |
modified | 2003-07-29 |
published | 2003-07-29 |
reporter | V9 |
source | https://www.exploit-db.com/download/22971/ |
title | ManDB Utility 2.3/2.4 - Local Buffer Overflow Vulnerabilities |
Nessus
NASL family | Debian Local Security Checks |
NASL id | DEBIAN_DSA-364.NASL |
description | man-db provides the standard man(1) command on Debian systems. During configuration of this package, the administrator is asked whether man(1) should run setuid to a dedicated user ( |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 15201 |
published | 2004-09-29 |
reporter | This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/15201 |
title | Debian DSA-364-3 : man-db - buffer overflows, arbitrary command execution |