CVE-2003-0620 - Vulnerability Details - OpenCVE

Multiple buffer overflows in man-db 2.4.1 and earlier, when installed setuid, allow local users to gain privileges via (1) MANDATORY_MANPATH, MANPATH_MAP, and MANDB_MAP arguments to add_to_dirlist in manp.c, (2) a long pathname to ult_src in ult_src.c, (3) a long .so argument to test_for_include in ult_src.c, (4) a long MANPATH environment variable, or (5) a long PATH environment variable.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.00167.

Key SSVC decision points have not yet been added.

Vendors	Products
Andries Brouwer Subscribe	Man Subscribe

Configuration 1 [-]

OR	cpe:2.3:a:andries_brouwer:man:2.3.18:::::::*
	cpe:2.3:a:andries_brouwer:man:2.3.19:::::::*
	cpe:2.3:a:andries_brouwer:man:2.3.20:::::::*
	cpe:2.3:a:andries_brouwer:man:2.4:::::::*
	cpe:2.3:a:andries_brouwer:man:2.4.1:::::::*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2003-0614	Multiple buffer overflows in man-db 2.4.1 and earlier, when installed setuid, allow local users to gain privileges via (1) MANDATORY_MANPATH, MANPATH_MAP, and MANDB_MAP arguments to add_to_dirlist in manp.c, (2) a long pathname to ult_src in ult_src.c, (3) a long .so argument to test_for_include in ult_src.c, (4) a long MANPATH environment variable, or (5) a long PATH environment variable.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://marc.info/?l=bugtraq&m=105951284512898&w=2
http://marc.info/?l=bugtraq&m=105960276803617&w=2
http://www.debian.org/security/2003/dsa-364

History

No history.

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2003-08-01T04:00:00

Updated: 2024-08-08T01:58:11.113Z

Reserved: 2003-07-31T00:00:00

Link: CVE-2003-0620

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2003-08-27T04:00:00.000

Modified: 2025-04-03T01:03:51.193

Link: CVE-2003-0620

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2003-07-29T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple buffer overflows in man-db 2.4.1 and earlier, when installed setuid, allow local users to gain privileges via (1) MANDATORY_MANPATH, MANPATH_MAP, and MANDB_MAP arguments to add_to_dirlist in manp.c, (2) a long pathname to ult_src in ult_src.c, (3) a long .so argument to test_for_include in ult_src.c, (4) a long MANPATH environment variable, or (5) a long PATH environment variable."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-10-17T13:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20030729 man-db[] multiple(4) vulnerabilities.", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://marc.info/?l=bugtraq&m=105951284512898&w=2"}, {"name": "20030730 Re: man-db[] multiple(4) vulnerabilities.", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://marc.info/?l=bugtraq&m=105960276803617&w=2"}, {"name": "DSA-364", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2003/dsa-364"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2003-0620", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple buffer overflows in man-db 2.4.1 and earlier, when installed setuid, allow local users to gain privileges via (1) MANDATORY_MANPATH, MANPATH_MAP, and MANDB_MAP arguments to add_to_dirlist in manp.c, (2) a long pathname to ult_src in ult_src.c, (3) a long .so argument to test_for_include in ult_src.c, (4) a long MANPATH environment variable, or (5) a long PATH environment variable."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20030729 man-db[] multiple(4) vulnerabilities.", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq&m=105951284512898&w=2"}, {"name": "20030730 Re: man-db[] multiple(4) vulnerabilities.", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq&m=105960276803617&w=2"}, {"name": "DSA-364", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2003/dsa-364"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-08T01:58:11.113Z"}, "title": "CVE Program Container", "references": [{"name": "20030729 man-db[] multiple(4) vulnerabilities.", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=105951284512898&w=2"}, {"name": "20030730 Re: man-db[] multiple(4) vulnerabilities.", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=105960276803617&w=2"}, {"name": "DSA-364", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2003/dsa-364"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2003-0620", "datePublished": "2003-08-01T04:00:00", "dateReserved": "2003-07-31T00:00:00", "dateUpdated": "2024-08-08T01:58:11.113Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:andries_brouwer:man:2.3.18:*:*:*:*:*:*:*", "matchCriteriaId": "4AEEC77C-F935-486B-A250-D23C778A8D2B", "vulnerable": true}, {"criteria": "cpe:2.3:a:andries_brouwer:man:2.3.19:*:*:*:*:*:*:*", "matchCriteriaId": "EAEC6AB2-E460-4573-A681-88721E4D5381", "vulnerable": true}, {"criteria": "cpe:2.3:a:andries_brouwer:man:2.3.20:*:*:*:*:*:*:*", "matchCriteriaId": "D70D290B-A5FF-4DC9-A2D9-3437BCC76515", "vulnerable": true}, {"criteria": "cpe:2.3:a:andries_brouwer:man:2.4:*:*:*:*:*:*:*", "matchCriteriaId": "59B2AE4F-A643-422E-B511-AAD2C02F6BB1", "vulnerable": true}, {"criteria": "cpe:2.3:a:andries_brouwer:man:2.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "E89EF8A0-FD92-4A37-9882-2E633ED038E7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple buffer overflows in man-db 2.4.1 and earlier, when installed setuid, allow local users to gain privileges via (1) MANDATORY_MANPATH, MANPATH_MAP, and MANDB_MAP arguments to add_to_dirlist in manp.c, (2) a long pathname to ult_src in ult_src.c, (3) a long .so argument to test_for_include in ult_src.c, (4) a long MANPATH environment variable, or (5) a long PATH environment variable."}, {"lang": "es", "value": "M\u00faltiples desbordamientos de b\u00fafer en man-db 2.4.1 y anteriores, cuando se instala con setuid, permite a usuarios locales ganar privilegios mediante:\r\nlos argumentos MANDATORY_MANPATH, MANPATH_MAP, y MANDB_MAP a add_dirlist en ult_src.c,\r\nun nombre de ruta largo a ult_scr en ult_src.c\r\nun argumento .so largo a test_for_include en ult_src.c\r\nuna variable de entorno MANPATH larga, \r\nuna variable de entorno PATH larga."}], "id": "CVE-2003-0620", "lastModified": "2025-04-03T01:03:51.193", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2003-08-27T04:00:00.000", "references": [{"source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq&m=105951284512898&w=2"}, {"source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq&m=105960276803617&w=2"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.debian.org/security/2003/dsa-364"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq&m=105951284512898&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq&m=105960276803617&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.debian.org/security/2003/dsa-364"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}