CVE-2003-0620

Name of the Vulnerable Software and Affected Versions: man-db versions 2.4.1 and earlier

Description: The issue concerns buffer overflows that can be exploited by local users to gain privileges. This can occur through various means, including the MANDATORY MANPATH, MANPATH MAP, and MANDB MAP arguments to the add to dirlist function in manp.c, a long pathname to ult src in ult src.c, a long .so argument to test for include in ult src.c, a long MANPATH environment variable, or a long PATH environment variable.

Recommendations: For man-db versions 2.4.1 and earlier, consider removing the setuid bit to prevent privilege escalation until a patch is available. As a temporary workaround, restrict the use of the add to dirlist function, ult src function, and test for include function to minimize the risk of exploitation. Avoid using long pathnames, .so arguments, MANPATH environment variables, or PATH environment variables in the affected functions until the issue is resolved.