Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    4 vulnerabilities found for findutils by gnu

    CVE-2007-2452 (GCVE-0-2007-2452)

    Vulnerability from nvd – Published: 2007-06-04 16:00 – Updated: 2024-08-07 13:42
    VLAI
    Summary
    Heap-based buffer overflow in the visit_old_format function in locate/locate.c in locate in GNU findutils before 4.2.31 might allow context-dependent attackers to execute arbitrary code via a long pathname in a locate database that has the old format, a different vulnerability than CVE-2001-1036.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://itrc.hp.com/service/cki/docDisplay.do?docI… vendor-advisoryx_refsource_HP
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.vupen.com/english/advisories/2007/2015 vdb-entryx_refsource_VUPEN
    http://secunia.com/advisories/40551 third-party-advisoryx_refsource_SECUNIA
    http://osvdb.org/36827 vdb-entryx_refsource_OSVDB
    http://www.securityfocus.com/archive/1/470108/100… mailing-listx_refsource_BUGTRAQ
    http://secunia.com/advisories/25477 third-party-advisoryx_refsource_SECUNIA
    http://securityreason.com/securityalert/2760 third-party-advisoryx_refsource_SREASON
    http://www.vupen.com/english/advisories/2010/1796 vdb-entryx_refsource_VUPEN
    http://www.securitytracker.com/id?1018183 vdb-entryx_refsource_SECTRACK
    http://www.securityfocus.com/bid/24250 vdb-entryx_refsource_BID
    Date Public
    2007-05-30 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T13:42:33.417Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "SSRT100018",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02286083"
              },
              {
                "name": "findutils-filename-bo(34628)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34628"
              },
              {
                "name": "HPSBMA02554",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02286083"
              },
              {
                "name": "ADV-2007-2015",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/2015"
              },
              {
                "name": "40551",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/40551"
              },
              {
                "name": "36827",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/36827"
              },
              {
                "name": "20070530 GNU Findutils release 4.2.31 fixes CVE-2007-2452 (GNU locate heap buffer overrun)",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/470108/100/0/threaded"
              },
              {
                "name": "25477",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/25477"
              },
              {
                "name": "2760",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/2760"
              },
              {
                "name": "ADV-2010-1796",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2010/1796"
              },
              {
                "name": "1018183",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1018183"
              },
              {
                "name": "24250",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/24250"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-05-30T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Heap-based buffer overflow in the visit_old_format function in locate/locate.c in locate in GNU findutils before 4.2.31 might allow context-dependent attackers to execute arbitrary code via a long pathname in a locate database that has the old format, a different vulnerability than CVE-2001-1036."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-16T14:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "SSRT100018",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02286083"
            },
            {
              "name": "findutils-filename-bo(34628)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34628"
            },
            {
              "name": "HPSBMA02554",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02286083"
            },
            {
              "name": "ADV-2007-2015",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/2015"
            },
            {
              "name": "40551",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/40551"
            },
            {
              "name": "36827",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/36827"
            },
            {
              "name": "20070530 GNU Findutils release 4.2.31 fixes CVE-2007-2452 (GNU locate heap buffer overrun)",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/470108/100/0/threaded"
            },
            {
              "name": "25477",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/25477"
            },
            {
              "name": "2760",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/2760"
            },
            {
              "name": "ADV-2010-1796",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2010/1796"
            },
            {
              "name": "1018183",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1018183"
            },
            {
              "name": "24250",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/24250"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2007-2452",
        "datePublished": "2007-06-04T16:00:00.000Z",
        "dateReserved": "2007-05-02T00:00:00.000Z",
        "dateUpdated": "2024-08-07T13:42:33.417Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2001-1036 (GCVE-0-2001-1036)

    Vulnerability from nvd – Published: 2003-04-02 05:00 – Updated: 2024-08-08 04:44
    VLAI
    Summary
    GNU locate in findutils 4.1 on Slackware 7.1 and 8.0 allows local users to gain privileges via an old formatted filename database (locatedb) that contains an entry with an out-of-range offset, which causes locate to write to arbitrary process memory.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.securityfocus.com/bid/3127 vdb-entryx_refsource_BID
    http://www.securityfocus.com/archive/1/200991 mailing-listx_refsource_BUGTRAQ
    http://www.osvdb.org/5477 vdb-entryx_refsource_OSVDB
    Date Public
    2001-08-01 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T04:44:06.643Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "locate-command-execution(6932)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6932"
              },
              {
                "name": "3127",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/3127"
              },
              {
                "name": "20010801 Slackware 8.0, 7.1 Vulnerability: /usr/bin/locate",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/200991"
              },
              {
                "name": "5477",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/5477"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2001-08-01T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "GNU locate in findutils 4.1 on Slackware 7.1 and 8.0 allows local users to gain privileges via an old formatted filename database (locatedb) that contains an entry with an out-of-range offset, which causes locate to write to arbitrary process memory."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2002-02-06T10:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "locate-command-execution(6932)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6932"
            },
            {
              "name": "3127",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/3127"
            },
            {
              "name": "20010801 Slackware 8.0, 7.1 Vulnerability: /usr/bin/locate",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/200991"
            },
            {
              "name": "5477",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/5477"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2001-1036",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "GNU locate in findutils 4.1 on Slackware 7.1 and 8.0 allows local users to gain privileges via an old formatted filename database (locatedb) that contains an entry with an out-of-range offset, which causes locate to write to arbitrary process memory."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "locate-command-execution(6932)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6932"
                },
                {
                  "name": "3127",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/3127"
                },
                {
                  "name": "20010801 Slackware 8.0, 7.1 Vulnerability: /usr/bin/locate",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/200991"
                },
                {
                  "name": "5477",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/5477"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2001-1036",
        "datePublished": "2003-04-02T05:00:00.000Z",
        "dateReserved": "2002-01-31T00:00:00.000Z",
        "dateUpdated": "2024-08-08T04:44:06.643Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-2452 (GCVE-0-2007-2452)

    Vulnerability from cvelistv5 – Published: 2007-06-04 16:00 – Updated: 2024-08-07 13:42
    VLAI
    Summary
    Heap-based buffer overflow in the visit_old_format function in locate/locate.c in locate in GNU findutils before 4.2.31 might allow context-dependent attackers to execute arbitrary code via a long pathname in a locate database that has the old format, a different vulnerability than CVE-2001-1036.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://itrc.hp.com/service/cki/docDisplay.do?docI… vendor-advisoryx_refsource_HP
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.vupen.com/english/advisories/2007/2015 vdb-entryx_refsource_VUPEN
    http://secunia.com/advisories/40551 third-party-advisoryx_refsource_SECUNIA
    http://osvdb.org/36827 vdb-entryx_refsource_OSVDB
    http://www.securityfocus.com/archive/1/470108/100… mailing-listx_refsource_BUGTRAQ
    http://secunia.com/advisories/25477 third-party-advisoryx_refsource_SECUNIA
    http://securityreason.com/securityalert/2760 third-party-advisoryx_refsource_SREASON
    http://www.vupen.com/english/advisories/2010/1796 vdb-entryx_refsource_VUPEN
    http://www.securitytracker.com/id?1018183 vdb-entryx_refsource_SECTRACK
    http://www.securityfocus.com/bid/24250 vdb-entryx_refsource_BID
    Date Public
    2007-05-30 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T13:42:33.417Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "SSRT100018",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02286083"
              },
              {
                "name": "findutils-filename-bo(34628)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34628"
              },
              {
                "name": "HPSBMA02554",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02286083"
              },
              {
                "name": "ADV-2007-2015",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/2015"
              },
              {
                "name": "40551",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/40551"
              },
              {
                "name": "36827",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/36827"
              },
              {
                "name": "20070530 GNU Findutils release 4.2.31 fixes CVE-2007-2452 (GNU locate heap buffer overrun)",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/470108/100/0/threaded"
              },
              {
                "name": "25477",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/25477"
              },
              {
                "name": "2760",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/2760"
              },
              {
                "name": "ADV-2010-1796",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2010/1796"
              },
              {
                "name": "1018183",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1018183"
              },
              {
                "name": "24250",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/24250"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-05-30T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Heap-based buffer overflow in the visit_old_format function in locate/locate.c in locate in GNU findutils before 4.2.31 might allow context-dependent attackers to execute arbitrary code via a long pathname in a locate database that has the old format, a different vulnerability than CVE-2001-1036."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-16T14:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "SSRT100018",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02286083"
            },
            {
              "name": "findutils-filename-bo(34628)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34628"
            },
            {
              "name": "HPSBMA02554",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02286083"
            },
            {
              "name": "ADV-2007-2015",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/2015"
            },
            {
              "name": "40551",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/40551"
            },
            {
              "name": "36827",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/36827"
            },
            {
              "name": "20070530 GNU Findutils release 4.2.31 fixes CVE-2007-2452 (GNU locate heap buffer overrun)",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/470108/100/0/threaded"
            },
            {
              "name": "25477",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/25477"
            },
            {
              "name": "2760",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/2760"
            },
            {
              "name": "ADV-2010-1796",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2010/1796"
            },
            {
              "name": "1018183",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1018183"
            },
            {
              "name": "24250",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/24250"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2007-2452",
        "datePublished": "2007-06-04T16:00:00.000Z",
        "dateReserved": "2007-05-02T00:00:00.000Z",
        "dateUpdated": "2024-08-07T13:42:33.417Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2001-1036 (GCVE-0-2001-1036)

    Vulnerability from cvelistv5 – Published: 2003-04-02 05:00 – Updated: 2024-08-08 04:44
    VLAI
    Summary
    GNU locate in findutils 4.1 on Slackware 7.1 and 8.0 allows local users to gain privileges via an old formatted filename database (locatedb) that contains an entry with an out-of-range offset, which causes locate to write to arbitrary process memory.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.securityfocus.com/bid/3127 vdb-entryx_refsource_BID
    http://www.securityfocus.com/archive/1/200991 mailing-listx_refsource_BUGTRAQ
    http://www.osvdb.org/5477 vdb-entryx_refsource_OSVDB
    Date Public
    2001-08-01 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T04:44:06.643Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "locate-command-execution(6932)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6932"
              },
              {
                "name": "3127",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/3127"
              },
              {
                "name": "20010801 Slackware 8.0, 7.1 Vulnerability: /usr/bin/locate",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/200991"
              },
              {
                "name": "5477",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/5477"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2001-08-01T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "GNU locate in findutils 4.1 on Slackware 7.1 and 8.0 allows local users to gain privileges via an old formatted filename database (locatedb) that contains an entry with an out-of-range offset, which causes locate to write to arbitrary process memory."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2002-02-06T10:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "locate-command-execution(6932)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6932"
            },
            {
              "name": "3127",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/3127"
            },
            {
              "name": "20010801 Slackware 8.0, 7.1 Vulnerability: /usr/bin/locate",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/200991"
            },
            {
              "name": "5477",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/5477"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2001-1036",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "GNU locate in findutils 4.1 on Slackware 7.1 and 8.0 allows local users to gain privileges via an old formatted filename database (locatedb) that contains an entry with an out-of-range offset, which causes locate to write to arbitrary process memory."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "locate-command-execution(6932)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6932"
                },
                {
                  "name": "3127",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/3127"
                },
                {
                  "name": "20010801 Slackware 8.0, 7.1 Vulnerability: /usr/bin/locate",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/200991"
                },
                {
                  "name": "5477",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/5477"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2001-1036",
        "datePublished": "2003-04-02T05:00:00.000Z",
        "dateReserved": "2002-01-31T00:00:00.000Z",
        "dateUpdated": "2024-08-08T04:44:06.643Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }