CVE-2007-0227

Published Jan 13, 2007

Last updated 6 years ago

Overview

Description: slocate 3.1 does not properly manage database entries that specify names of files in protected directories, which allows local users to obtain the names of private files. NOTE: another researcher reports that the issue is not present in slocate 2.7.
Source: cve@mitre.org
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 5
Impact score: 2.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:N/A:N

Weaknesses

nvd@nist.gov: NVD-CWE-Other

Vendor comments

Red HatNot vulnerable. This issue did not affect the versions of slocate as shipped with Red Hat Enterprise Linux 2.1, 3, or 4.
MandrivaNot vulnerable. This issue does not affect the versions of slocate as shipped with Mandriva Linux 2007.0 or earlier.

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:slocate:slocate:3.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E8B136A0-E32C-45BA-96BB-5E89651D09D0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Vendor comments

Configurations

References