CVE-2003-0645
First published: Thu Aug 14 2003(Updated: )
man-db 2.3.12 and 2.3.18 to 2.4.1 uses certain user-controlled DEFINE directives from the ~/.manpath file, even when running setuid, which could allow local users to gain privileges.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Andries Brouwer Man | =2.3.20 | |
| Andries Brouwer Man | =2.4.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2003-0645?
CVE-2003-0645 is classified as a high severity vulnerability that allows local users to gain privileges.
How do I fix CVE-2003-0645?
To fix CVE-2003-0645, update the man-db package to versions later than 2.4.1.
What versions are affected by CVE-2003-0645?
CVE-2003-0645 affects man-db versions 2.3.12, 2.3.18, 2.3.20, and up to 2.4.1.
Who is affected by CVE-2003-0645?
Local users on systems running vulnerable versions of man-db are impacted by CVE-2003-0645.
What is the cause of CVE-2003-0645?
CVE-2003-0645 is caused by man-db processing user-controlled DEFINE directives from the ~/.manpath file when running setuid.
- collector/nvd-historical
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/author
- agent/weakness
- agent/remedy
- agent/last-modified-date
- agent/tags
- agent/first-publish-date
- agent/event
- agent/description
- agent/source
- vendor/andries brouwer
- canonical/andries brouwer man
- version/andries brouwer man/2.3.20
- version/andries brouwer man/2.4.1