CVE-2001-1036

GNU locate in findutils 4.1 on Slackware 7.1 and 8.0 allows local users to gain privileges via an old formatted filename database (locatedb) that contains an entry with an out-of-range offset, which causes locate to write to arbitrary process memory.

Published: Aug 31, 2001
Updated: Apr 13, 2023
CVE: CVE-2001-1036
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
gnu / findutils	4.1	4.1.x
gnu / findutils	4.0	4.0.x
slackware / slackware_linux	8.0	8.0.x
slackware / slackware_linux	7.1	7.1.x

http://www.osvdb.org/5477
http://www.securityfocus.com/archive/1/200991
http://www.securityfocus.com/bid/3127
https://exchange.xforce.ibmcloud.com/vulnerabilities/6932

Vulnerability Database

289,689

CVE-2001-1036