Vulnerability Details : CVE-2007-0227
slocate 3.1 does not properly manage database entries that specify names of files in protected directories, which allows local users to obtain the names of private files. NOTE: another researcher reports that the issue is not present in slocate 2.7.
Products affected by CVE-2007-0227
- cpe:2.3:a:slocate:slocate:3.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2007-0227
0.47%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 75 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2007-0227
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
10.0
|
2.9
|
NIST |
Vendor statements for CVE-2007-0227
-
Red Hat 2007-01-18Not vulnerable. This issue did not affect the versions of slocate as shipped with Red Hat Enterprise Linux 2.1, 3, or 4.
-
Mandriva 2007-01-19Not vulnerable. This issue does not affect the versions of slocate as shipped with Mandriva Linux 2007.0 or earlier.
References for CVE-2007-0227
-
http://www.ubuntu.com/usn/usn-425-1
-
http://www.securityfocus.com/archive/1/456593/100/0/threaded
-
http://www.securityfocus.com/bid/21989
-
http://www.securityfocus.com/archive/1/464220/30/7320/threaded
-
http://www.securityfocus.com/archive/1/456739/100/0/threaded
-
http://www.securityfocus.com/archive/1/456530/100/0/threaded
-
http://www.securityfocus.com/archive/1/456489/100/0/threaded
Jump to