FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2007-2452

This CVE name corresponds to:

Entered Topic
2007-06-01 findutils -- GNU locate heap buffer overrun

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2007-2452 at cve.mitre.org

Details

Type Candidate
Name CVE-2007-2452
Phase Assigned(20070502)

Description

Heap-based buffer overflow in the visit_old_format function in locate/locate.c in locate in GNU findutils before 4.2.31 might allow context-dependent attackers to execute arbitrary code via a long pathname in a locate database that has the old format, a different vulnerability than CVE-2001-1036.

References

Source Reference
BUGTRAQ 20070530 GNU Findutils release 4.2.31 fixes CVE-2007-2452 (GNU locate heap buffer overrun)
HP HPSBMA02554
HP SSRT100018
BID 24250
SECUNIA 40551
VUPEN ADV-2007-2015
OSVDB 36827
SECTRACK 1018183
SECUNIA 25477
SREASON 2760
VUPEN ADV-2010-1796
XF findutils-filename-bo(34628)

Copyright © 2005 The MITRE Corporation.

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.