CVE-2003-0848
published 2003-11-17CVE-2003-0848: Heap-based buffer overflow in main.c of slocate 2.6, and possibly other versions, may allow local users to gain privileges via a modified slocate database that…
PriorityP419medium4.6CVSS 2.0
AVLACLAuNCPIPAP
EXPLOIT
EPSS
0.94%
56.6th percentile
Heap-based buffer overflow in main.c of slocate 2.6, and possibly other versions, may allow local users to gain privileges via a modified slocate database that causes a negative "pathlen" value to be used.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| slocate | slocate | — | — |
| slocate | slocate | — | — |
| slocate | slocate | — | — |
| slocate | slocate | — | — |
| slocate | slocate | — | — |
| slocate | slocate | — | — |
CVSS provenance
nvdv2.04.6MEDIUMAV:L/AC:L/Au:N/C:P/I:P/A:P
vendor_redhat4.6MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-pv8c-73v5-8vpj: Heap-based buffer overflow in main
ghsa_unreviewed·2022-05-03
CVE-2003-0848 [MEDIUM] GHSA-pv8c-73v5-8vpj: Heap-based buffer overflow in main
Heap-based buffer overflow in main.c of slocate 2.6, and possibly other versions, may allow local users to gain privileges via a modified slocate database that causes a negative "pathlen" value to be used.
Red Hat
security flaw
vendor_redhat·2003-10-06·CVSS 4.6
CVE-2003-0848 [MEDIUM] security flaw
security flaw
Heap-based buffer overflow in main.c of slocate 2.6, and possibly other versions, may allow local users to gain privileges via a modified slocate database that causes a negative "pathlen" value to be used.
No detection rules found.
Bugzilla
CVE-2003-0848 security flaw
bugzilla·2018-08-16·CVSS 4.6
CVE-2003-0848 [MEDIUM] CVE-2003-0848 security flaw
CVE-2003-0848 security flaw
Flaw bug created to hold information about an old flaw we knew something about. For more details see the MITRE CVE description.
Discussion:
MITRE description:
Heap-based buffer overflow in main.c of slocate 2.6, and possibly other versions, may allow local users to gain privileges via a modified slocate database that causes a negative "pathlen" value to be used.
Bugzilla
CAN-2003-0848 slocate buffer overflow
bugzilla·2004-01-21
[MEDIUM] CAN-2003-0848 slocate buffer overflow
CAN-2003-0848 slocate buffer overflow
A heap-based buffer overflow in slocate can allow local users to gain
"slocate" privileges via a modified slocate database that causes a
negative "pathlen" value.
Discussion:
Um, I think you have the wrong CVE name; it is CAN-2003-0848... :-)
---
An errata has been issued which should help the problem described in this bug report.
This report is therefore being closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files, please follow the link below. You may reopen
this bug report if the solution does not work for you.
http://rhn.redhat.com/errata/RHSA-2004-040.html
Bugzilla
CAN-2003-0848 slocate buffer overflow
bugzilla·2004-01-21
[MEDIUM] CAN-2003-0848 slocate buffer overflow
CAN-2003-0848 slocate buffer overflow
A heap-based buffer overflow in slocate can allow local users to gain
"slocate" privileges via a modified slocate database that causes a
negative "pathlen" value.
CAN-2003-0848 Affects: 2.1AS 2.1AW 2.1ES 2.1WS
CAN-2003-0848 Affects: 3AS 3ES 3WS
Discussion:
You might want to fix the CVE name in the summary (it should be
'8*4*8)... :-)
---
An errata has been issued which should help the problem described in this bug report.
This report is therefore being closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files, please follow the link below. You may reopen
this bug report if the solution does not work for you.
http://rhn.redhat.com/errata/RHSA-2004-041.html
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2004-001.0/CSSA-2004-001.0.txtftp://patches.sgi.com/support/free/security/advisories/20040201-01-U.ascftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.aschttp://marc.info/?l=bugtraq&m=106546447321274&w=2http://marc.info/?l=bugtraq&m=106589631819348&w=2http://rhn.redhat.com/errata/RHSA-2004-040.htmlhttp://secunia.com/advisories/10670http://secunia.com/advisories/10683http://secunia.com/advisories/10686http://secunia.com/advisories/10698http://secunia.com/advisories/10702http://secunia.com/advisories/10720http://secunia.com/advisories/10722http://secunia.com/advisories/9962/http://www.debian.org/security/2004/dsa-428http://www.ebitech.sk/patrik/SA/SA-20031006-A.txthttp://www.ebitech.sk/patrik/SA/SA-20031006.txthttp://www.mandriva.com/security/advisories?name=MDKSA-2004:004http://www.redhat.com/archives/fedora-announce-list/2004-January/msg00009.htmlhttp://www.redhat.com/support/errata/RHSA-2004-041.htmlhttp://www.trustix.org/errata/misc/2004/TSL-2004-0005-slocate.asc.txthttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11033https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A821ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2004-001.0/CSSA-2004-001.0.txtftp://patches.sgi.com/support/free/security/advisories/20040201-01-U.ascftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.aschttp://marc.info/?l=bugtraq&m=106546447321274&w=2http://marc.info/?l=bugtraq&m=106589631819348&w=2http://rhn.redhat.com/errata/RHSA-2004-040.htmlhttp://secunia.com/advisories/10670http://secunia.com/advisories/10683http://secunia.com/advisories/10686http://secunia.com/advisories/10698http://secunia.com/advisories/10702http://secunia.com/advisories/10720http://secunia.com/advisories/10722http://secunia.com/advisories/9962/http://www.debian.org/security/2004/dsa-428http://www.ebitech.sk/patrik/SA/SA-20031006-A.txthttp://www.ebitech.sk/patrik/SA/SA-20031006.txthttp://www.mandriva.com/security/advisories?name=MDKSA-2004:004http://www.redhat.com/archives/fedora-announce-list/2004-January/msg00009.htmlhttp://www.redhat.com/support/errata/RHSA-2004-041.htmlhttp://www.trustix.org/errata/misc/2004/TSL-2004-0005-slocate.asc.txthttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11033https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A821
2003-11-17
Published