Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2002-1814

6 documents4 sources

Severity

4.6MEDIUM

EPSS

0.3%

top 51.43%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Mandrakesoft Mandrake Linux Redhat Linux Slackware Slackware Linux

Timeline

PublishedDec 31

Latest updateApr 30

Description

Buffer overflow in efstools in Bonobo, when installed setuid, allows local users to execute arbitrary code via long command line arguments.

CVSS vector

AV:L/AC:L/C:P/I:P/A:PExploitability: 3.9 | Impact: 6.4

Affected Packages3 packages

▶NVDredhat/linux6.2, 7.0, 7.1+2

▶NVDslackware/slackware_linux8.0

▶NVDmandrakesoft/mandrake_linux7.1, 8.0, 9.0+2

🔴Vulnerability Details

GHSA

GHSA-vp7p-xxwx-6643: Buffer overflow in efstools in Bonobo, when installed setuid, allows local users to execute arbitrary code via long command line arguments↗2022-04-30

▶

CVEList

CVE-2002-1814: Buffer overflow in efstools in Bonobo, when installed setuid, allows local users to execute arbitrary code via long command line arguments↗2005-06-28

▶

💥Exploits & PoCs

Exploit-DB

Mandrake 7/8/9 / RedHat 6.x/7 Bonobo EFSTool - Commandline Argument Buffer Overflow (1)↗2002-06-29

▶

Exploit-DB

Mandrake 7/8/9 / RedHat 6.x/7 Bonobo EFSTool - Commandline Argument Buffer Overflow (2)↗2002-06-29

▶

Exploit-DB

Mandrake 7/8/9 / RedHat 6.x/7 Bonobo EFSTool - Commandline Argument Buffer Overflow (3)↗2002-06-29

▶