CVE-2007-0227

low

Description

slocate 3.1 does not properly manage database entries that specify names of files in protected directories, which allows local users to obtain the names of private files. NOTE: another researcher reports that the issue is not present in slocate 2.7.

References

http://www.ubuntu.com/usn/usn-425-1

http://www.securityfocus.com/bid/21989

http://www.securityfocus.com/archive/1/464220/30/7320/threaded

http://www.securityfocus.com/archive/1/456739/100/0/threaded

http://www.securityfocus.com/archive/1/456593/100/0/threaded

http://www.securityfocus.com/archive/1/456530/100/0/threaded

http://www.securityfocus.com/archive/1/456489/100/0/threaded

http://osvdb.org/33465

Details

Source: Mitre, NVD

Published: 2007-01-13

Updated: 2025-04-09

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 3.3

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Severity: Low

EPSS

EPSS: 0.00403

Detections

Analytics