CVE-2007-2452
Published Jun 4, 2007
Last updated 6 years ago
Overview
- Description
- Heap-based buffer overflow in the visit_old_format function in locate/locate.c in locate in GNU findutils before 4.2.31 might allow context-dependent attackers to execute arbitrary code via a long pathname in a locate database that has the old format, a different vulnerability than CVE-2001-1036.
- Source
- secalert@redhat.com
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 6
- Impact score
- 6.4
- Exploitability score
- 6.8
- Vector string
- AV:N/AC:M/Au:S/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- NVD-CWE-Other
Vendor comments
- Red HatNot vulnerable. Red Hat did not ship GNU locate in Red Hat Enterprise Linux 2.1, 3, 4, or 5. This issue does not affect the ’mlocate’ or ’slocate’ packages that are supplied with Red Hat Enterprise Linux.
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnu:findutils:4.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7CA98BAA-CDE7-4255-B4A9-926CA2BF9783"
},
{
"criteria": "cpe:2.3:a:gnu:findutils:4.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "82F0B7F9-8A8E-4717-9C78-A26141AC66BC"
},
{
"criteria": "cpe:2.3:a:gnu:findutils:4.2.28:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F259F661-06F3-48A9-96B5-C50A3D96E441"
},
{
"criteria": "cpe:2.3:a:gnu:findutils:4.2.29:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B462C06B-B665-4B56-9A93-3F96C328C72A"
},
{
"criteria": "cpe:2.3:a:gnu:findutils:4.2.30:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CC81E4F7-6889-490C-9F11-79A5D693F695"
}
],
"operator": "OR"
}
]
}
]