Published: 04/06/2007 Updated: 16/10/2018

CVSS v2 Base Score: 6 | Impact Score: 6.4 | Exploitability Score: 6.8

VMScore: 534

Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P

Heap-based buffer overflow in the visit_old_format function in locate/locate.c in locate in GNU findutils prior to 4.2.31 might allow context-dependent malicious users to execute arbitrary code via a long pathname in a locate database that has the old format, a different vulnerability than CVE-2001-1036.

Vulnerable Product	Search on Vulmon	Subscribe to Product
gnu findutils 4.2.29
gnu findutils 4.2.30
gnu findutils 4.0
gnu findutils 4.1
gnu findutils 4.2.28

Debian Bug report logs - #426862 CVE-2007-2452 -- heap overflow in locate Package: findutils; Maintainer for findutils is Andreas Metzler <ametzler@debianorg>; Source for findutils is src:findutils (PTS, buildd, popcon) Reported by: Florian Weimer <fw@denebenyode> Date: Thu, 31 May 2007 11:15:07 UTC Severity: imp ...

NVD-CWE-Other http://www.securityfocus.com/bid/24250 http://secunia.com/advisories/25477 http://www.securitytracker.com/id?1018183 http://securityreason.com/securityalert/2760 http://osvdb.org/36827 http://secunia.com/advisories/40551 http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02286083 http://www.vupen.com/english/advisories/2010/1796 http://www.vupen.com/english/advisories/2007/2015 https://exchange.xforce.ibmcloud.com/vulnerabilities/34628 http://www.securityfocus.com/archive/1/470108/100/0/threaded https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=426862 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2007-2452

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect