Vulnerability Name: CVE-2007-2452 (CCN-34628)

Assigned: 2007-05-30
Published: 2007-05-30
Updated: 2018-10-16
Summary: Heap-based buffer overflow in the visit_old_format function in locate/locate.c in locate in GNU findutils before 4.2.31 might allow context-dependent attackers to execute arbitrary code via a long pathname in a locate database that has the old format, a different vulnerability than CVE-2001-1036.
CVSS v3 Severity: 5.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): Required
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): Low
Integrity (I): Low
Availability (A): Low
CVSS v2 Severity: 6.0 Medium (CVSS v2 Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P)
4.7 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): Single_Instance
Impact Metrics: Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
6.5 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P)
5.1 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): Single_Instance
Impact Metrics: Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
Vulnerability Type: CWE-Other
Vulnerability Consequences: Gain Privileges
References:
Source: CCN
Type: BugTraq Mailing List, Wed May 30 2007 - 17:27:53 CDT
GNU Findutils release 4.2.31 fixes CVE-2007-2452 (GNU locate heap buffer overrun)

Source: MITRE
Type: CNA
CVE-2007-2452

Source: CCN
Type: GNU findutils FTP Web site
Index of /pub/gnu/findutils

Source: CCN
Type: HP Security Bulletin HPSBMA02554 SSRT100018
HP Insight Control for Linux, Remote Execution of Arbitrary Code, Remote Denial of Service (DoS), Remote Unauthorized Access

Source: HP
Type: UNKNOWN
SSRT100018

Source: OSVDB
Type: UNKNOWN
36827

Source: CCN
Type: SA25477
GNU findutils locate Long Path Buffer Overflow Vulnerability

Source: SECUNIA
Type: Patch, Vendor Advisory
25477

Source: CCN
Type: SA40551
HP Insight Control Suite For Linux Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
40551

Source: SREASON
Type: UNKNOWN
2760

Source: CCN
Type: SECTRACK ID: 1018183
GNU locate Filename Buffer Overflow Lets Local Users Execute Arbitrary Code

Source: CCN
Type: OSVDB ID: 36827
GNU findutils locate/locate.c visit_old_format Function Overflow

Source: BUGTRAQ
Type: UNKNOWN
20070530 GNU Findutils release 4.2.31 fixes CVE-2007-2452 (GNU locate heap buffer overrun)

Source: BID
Type: Patch
24250

Source: CCN
Type: BID-24250
GNU Locate Old Format Locate Database Local Buffer Overflow Vulnerability

Source: SECTRACK
Type: UNKNOWN
1018183

Source: VUPEN
Type: UNKNOWN
ADV-2007-2015

Source: VUPEN
Type: UNKNOWN
ADV-2010-1796

Source: XF
Type: UNKNOWN
findutils-filename-bo(34628)

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:gnu:findutils:4.0:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:findutils:4.1:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:findutils:4.2.28:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:findutils:4.2.29:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:findutils:4.2.30:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:gnu:findutils:4.0:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:findutils:4.1:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:findutils:4.2.28:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:findutils:4.2.29:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:findutils:4.2.30:*:*:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions
Definition ID | Class | Title | Last Modified
oval:org.opensuse.security:def:20072452 | V | CVE-2007-2452 | 2022-06-30
oval:org.opensuse.security:def:42303 | P | Security update for the Linux Kernel (Important) | 2022-06-24
oval:org.opensuse.security:def:112231 | P | findutils-4.8.0-2.15 on GA media (Moderate) | 2022-01-17
oval:org.opensuse.security:def:26222 | P | Security update for virglrenderer (Important) (in QA) | 2022-01-17
oval:org.opensuse.security:def:31375 | P | Security update for libvirt (Important) | 2022-01-10
oval:org.opensuse.security:def:31324 | P | Security update for the Linux Kernel (Live Patch 41 for SLE 12 SP3) (Important) | 2021-12-14
oval:org.opensuse.security:def:26178 | P | Security update for the Linux Kernel (Important) | 2021-12-02
oval:org.opensuse.security:def:33050 | P | Security update for the Linux Kernel (Important) | 2021-11-30
oval:org.opensuse.security:def:26164 | P | Security update for MozillaFirefox (Important) | 2021-11-17
oval:org.opensuse.security:def:32202 | P | Security update for the Linux Kernel (Live Patch 39 for SLE 12 SP3) (Important) | 2021-10-18
oval:org.opensuse.security:def:105761 | P | findutils-4.8.0-2.15 on GA media (Moderate) | 2021-10-01
oval:org.opensuse.security:def:32183 | P | Security update for gtk-vnc (Moderate) | 2021-09-16
oval:org.opensuse.security:def:31680 | P | Security update for transfig (Moderate) | 2021-09-16
oval:org.opensuse.security:def:26125 | P | Security update for grilo (Important) | 2021-09-09
oval:org.opensuse.security:def:31678 | P | Security update for file (Important) | 2021-09-02
oval:org.opensuse.security:def:31251 | P | Security update for unrar (Moderate) | 2021-08-25
oval:org.opensuse.security:def:26101 | P | Security update for php74 (Important) | 2021-08-06
oval:org.opensuse.security:def:31232 | P | Security update for the Linux Kernel (Live Patch 39 for SLE 12 SP3) (Important) | 2021-07-27
oval:org.opensuse.security:def:42104 | P | Security update for the Linux Kernel (Important) | 2021-07-21
oval:org.opensuse.security:def:26076 | P | Security update for webkit2gtk3 (Important) | 2021-06-17
oval:org.opensuse.security:def:32117 | P | Security update for caribou (Important) | 2021-06-10
oval:org.opensuse.security:def:36126 | P | findutils-4.4.0-38.26.1 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:42533 | P | findutils-4.4.0-38.26.1 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:31619 | P | Security update for python3 (Important) | 2021-05-17
oval:org.opensuse.security:def:31166 | P | Security update for tomcat (Important) | 2021-04-29
oval:org.opensuse.security:def:32078 | P | Security update for the Linux Kernel (Live Patch 37 for SLE 12 SP3) (Important) | 2021-04-28
oval:org.opensuse.security:def:31165 | P | Security update for gdm (Important) | 2021-04-28
oval:org.opensuse.security:def:31604 | P | Security update for spamassassin (Important) | 2021-04-12
oval:org.opensuse.security:def:26024 | P | Security update for xen (Important) | 2021-04-06
oval:org.opensuse.security:def:31363 | P | Security update for the Linux Kernel (Live Patch 33 for SLE 12 SP3) (Important) | 2021-03-17
oval:org.opensuse.security:def:31364 | P | Security update for the Linux Kernel (Live Patch 32 for SLE 12 SP3) (Important) | 2021-03-17
oval:org.opensuse.security:def:33089 | P | Security update for python-cryptography (Important) | 2021-03-02
oval:org.opensuse.security:def:31730 | P | Security update for bind (Important) | 2021-02-18
oval:org.opensuse.security:def:32258 | P | Security update for screen (Important) | 2021-02-17
oval:org.opensuse.security:def:31729 | P | Security update for screen (Important) | 2021-02-17
oval:org.opensuse.security:def:31673 | P | Security update for openvswitch (Important) | 2021-02-02
oval:org.opensuse.security:def:32139 | P | Security update for sudo (Important) | 2021-01-26
oval:org.opensuse.security:def:31624 | P | Security update for dnsmasq (Important) | 2021-01-19
oval:org.opensuse.security:def:31177 | P | Security update for dnsmasq (Important) | 2021-01-19
oval:org.opensuse.security:def:31100 | P | Security update for cyrus-sasl (Important) | 2020-12-28
oval:org.opensuse.security:def:25980 | P | Security update for MozillaFirefox (Critical) | 2020-12-21
oval:org.opensuse.security:def:35896 | P | findutils-4.4.0-38.26.1 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:32821 | P | Security update for gdm (Important) | 2020-12-03
oval:org.opensuse.security:def:35546 | P | findutils-4.4.0-38.24.11 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:41953 | P | findutils-4.4.0-38.24.11 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:35697 | P | findutils-4.4.0-38.26.1 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:25966 | P | Security update for python-setuptools (Important) | 2020-12-02
oval:org.opensuse.security:def:31026 | P | Security update for java-1_7_0-ibm (Important) | 2020-12-01
oval:org.opensuse.security:def:31381 | P | Security update for openssl1 (Important) | 2020-12-01
oval:org.opensuse.security:def:31880 | P | Security update for dhcpcd (Important) | 2020-12-01
oval:org.opensuse.security:def:32623 | P | MozillaFirefox on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:31475 | P | Security update for procps (Moderate) | 2020-12-01
oval:org.opensuse.security:def:32029 | P | Security update for the Linux Kernel (Important) | 2020-12-01
oval:org.opensuse.security:def:31581 | P | Security update for tar (Moderate) | 2020-12-01
oval:org.opensuse.security:def:32368 | P | Security update for tar (Moderate) | 2020-12-01
oval:org.opensuse.security:def:32046 | P | Security update for krb5 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25829 | P | Security update for php5 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25173 | P | Security update for ant (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25523 | P | Security update for dpdk (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26697 | P | findutils on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25260 | P | Security update for libzypp (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25590 | P | Security update for dovecot22 (Important) | 2020-12-01
oval:org.opensuse.security:def:26860 | P | amavisd-new on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25447 | P | Security update for ImageMagick (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25731 | P | Security update for memcached (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26305 | P | Security update for python-setuptools (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26451 | P | Security update for chromium (Important) | 2020-12-01
oval:org.opensuse.security:def:25675 | P | Security update for MozillaFirefox (Important) | 2020-12-01
oval:org.opensuse.security:def:25879 | P | Security update for pidgin-otr (Important) | 2020-12-01
oval:org.opensuse.security:def:31790 | P | Security update for MozillaFirefox (Moderate) | 2020-12-01
oval:org.opensuse.security:def:31468 | P | Security update for powerpc-utils | 2020-12-01
oval:org.opensuse.security:def:31919 | P | Security update for ghostscript-library (Moderate) | 2020-12-01
oval:org.opensuse.security:def:32662 | P | findutils on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:31532 | P | Security update for samba (Moderate) | 2020-12-01
oval:org.opensuse.security:def:32412 | P | Security update for wireshark (Moderate) | 2020-12-01
oval:org.opensuse.security:def:31592 | P | Security update for tiff (Moderate) | 2020-12-01
oval:org.opensuse.security:def:31810 | P | Security update for apache2 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25727 | P | Security update for libzypp (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25873 | P | Security update for libcares2 (Low) | 2020-12-01
oval:org.opensuse.security:def:25097 | P | Security update for curl (Important) | 2020-12-01
oval:org.opensuse.security:def:25301 | P | Security update for grub2 (Important) | 2020-12-01
oval:org.opensuse.security:def:25825 | P | Security update for ImageMagick (Important) | 2020-12-01
oval:org.opensuse.security:def:25324 | P | Security update for bcm43xx-firmware (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25674 | P | Security update for the Linux Kernel (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26895 | P | findutils on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25458 | P | Security update for sqlite3 (Important) | 2020-12-01
oval:org.opensuse.security:def:25788 | P | Security update for zeromq (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26354 | P | Security update for chromium (Important) | 2020-12-01
oval:org.opensuse.security:def:27089 | P | avahi on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25676 | P | Security update for postgresql, postgresql96, postgresql10 and postgresql12 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25960 | P | Security update for gimp (Moderate) | 2020-12-01
oval:org.opensuse.security:def:31834 | P | Security update for bind (Important) | 2020-12-01
oval:org.opensuse.security:def:31014 | P | Security update for java-1_7_0-ibm (Important) | 2020-12-01
oval:org.opensuse.security:def:31775 | P | Security update for MozillaFirefox (Moderate) | 2020-12-01
oval:org.opensuse.security:def:31941 | P | Security update for glibc (Important) | 2020-12-01
oval:org.opensuse.security:def:32860 | P | findutils on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:32307 | P | Security update for python (Important) | 2020-12-01
oval:org.opensuse.security:def:31593 | P | Security update for tiff (Moderate) | 2020-12-01
oval:org.opensuse.security:def:31902 | P | Security update for MozillaFirefox, mozilla-nss (Important) | 2020-12-01
oval:org.opensuse.security:def:25776 | P | Security update for flash-player (Critical) | 2020-12-01
oval:org.opensuse.security:def:26511 | P | Security update for icingaweb2 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25098 | P | Security update for python-numpy (Important) | 2020-12-01
oval:org.opensuse.security:def:25382 | P | Security update for squid (Critical) | 2020-12-01
oval:org.opensuse.security:def:25878 | P | Security update for libqt4 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25248 | P | Security update for the Linux Kernel (Important) | 2020-12-01
oval:org.opensuse.security:def:25452 | P | Security update for libssh2_org (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26023 | P | Security update for evince (Important) | 2020-12-01
oval:org.opensuse.security:def:25522 | P | Security update for vim (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25872 | P | Security update for ImageMagick (Important) | 2020-12-01
oval:org.opensuse.security:def:26393 | P | Security update for chromium (Important) | 2020-12-01
oval:org.opensuse.security:def:27124 | P | findutils on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25687 | P | Security update for bluez (Important) | 2020-12-01
oval:org.opensuse.security:def:26017 | P | Security update for gnome-shell (Low) | 2020-12-01
oval:org.opensuse.security:def:32472 | P | Security update for xorg-x11-server (Important) | 2020-12-01
oval:org.opensuse.security:def:31015 | P | Security update for java-1_7_0-ibm (Important) | 2020-12-01
oval:org.opensuse.security:def:31831 | P | Security update for bind (Important) | 2020-12-01
oval:org.opensuse.security:def:31985 | P | Security update for java-1_7_1-ibm (Important) | 2020-12-01
oval:org.opensuse.security:def:31383 | P | Security update for openvpn (Important) | 2020-12-01
oval:org.opensuse.security:def:31973 | P | Security update for jakarta-taglibs-standard (Important) | 2020-12-01
oval:org.opensuse.security:def:31449 | P | Security update for postgresql10 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:31817 | P | Security update for atftp (Important) | 2020-12-01
oval:org.opensuse.security:def:32346 | P | Security update for sqlite3 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:31959 | P | Security update for gtk2 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25815 | P | Security update for the Linux Kernel (Important) | 2020-12-01
oval:org.opensuse.security:def:26546 | P | findutils on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25109 | P | Security update for audit (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25439 | P | Security update for libpcap (Important) | 2020-12-01
oval:org.opensuse.security:def:25927 | P | Security update for the Linux Kernel (Important) | 2020-12-01
oval:org.opensuse.security:def:26662 | P | PackageKit on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25249 | P | Security update for librsvg (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25533 | P | Security update for ed (Low) | 2020-12-01
oval:org.opensuse.security:def:25446 | P | Security update for nfs-utils (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25650 | P | Security update for SDL (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26252 | P | Security update for mariadb-100 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:26407 | P | Security update for libmad (Moderate) | 2020-12-01
oval:org.opensuse.security:def:25751 | P | Security update for libssh (Moderate) | 2020-12-01
oval:org.opensuse.security:def:31768 | P | Security update for MozillaFirefox (Important) | 2020-12-01
oval:org.opensuse.security:def:32511 | P | findutils on GA media (Moderate) | 2020-12-01
    gnu findutils 4.0
    gnu findutils 4.1
    gnu findutils 4.2.28
    gnu findutils 4.2.29
    gnu findutils 4.2.30