What is the severity of CVE-2003-0620?

CVE-2003-0620 has a high severity rating due to its potential to allow local users to escalate privileges.

How do I fix CVE-2003-0620?

To fix CVE-2003-0620, upgrade to a patched version of man-db that addresses the identified buffer overflow vulnerabilities.

Which versions of man-db are affected by CVE-2003-0620?

CVE-2003-0620 affects man-db versions 2.4.1 and earlier, including 2.3.18 to 2.3.20.

Who is the vendor associated with CVE-2003-0620?

The vendor associated with CVE-2003-0620 is Andries Brouwer, the maintainer of the man utility.

Is CVE-2003-0620 a remote or local vulnerability?

CVE-2003-0620 is a local vulnerability that can be exploited by users with access to the system.

Vulnerability/
CVE-2003-0620

medium

4.6

CWE

NVD-CWE-Other 119

1/8/2003

8/8/2024

CVE-2003-0620: Buffer Overflow

First published: Fri Aug 01 2003(Updated: )

Multiple buffer overflows in man-db 2.4.1 and earlier, when installed setuid, allow local users to gain privileges via (1) MANDATORY_MANPATH, MANPATH_MAP, and MANDB_MAP arguments to add_to_dirlist in manp.c, (2) a long pathname to ult_src in ult_src.c, (3) a long .so argument to test_for_include in ult_src.c, (4) a long MANPATH environment variable, or (5) a long PATH environment variable.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Andries Brouwer Man	=2.3.20
Andries Brouwer Man	=2.4.1
Andries Brouwer Man	=2.3.19
Andries Brouwer Man	=2.3.18
Andries Brouwer Man	=2.4

Remedy

http://www.debian.org/security/2003/dsa-364

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2003-0620?
CVE-2003-0620 has a high severity rating due to its potential to allow local users to escalate privileges.
How do I fix CVE-2003-0620?
To fix CVE-2003-0620, upgrade to a patched version of man-db that addresses the identified buffer overflow vulnerabilities.
Which versions of man-db are affected by CVE-2003-0620?
CVE-2003-0620 affects man-db versions 2.4.1 and earlier, including 2.3.18 to 2.3.20.
Who is the vendor associated with CVE-2003-0620?
The vendor associated with CVE-2003-0620 is Andries Brouwer, the maintainer of the man utility.
Is CVE-2003-0620 a remote or local vulnerability?
CVE-2003-0620 is a local vulnerability that can be exploited by users with access to the system.

collector/nvd-historical
collector/nvd-index
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/severity
agent/author
agent/references
agent/weakness
agent/remedy
agent/last-modified-date
agent/tags
agent/first-publish-date
agent/event
agent/description
agent/source
vendor/andries brouwer
canonical/andries brouwer man
version/andries brouwer man/2.3.20
version/andries brouwer man/2.4.1
version/andries brouwer man/2.3.19
version/andries brouwer man/2.3.18
version/andries brouwer man/2.4

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.