CVE-2003-0848

slocate 2.6 - Heap-Based Buffer Overflow via Modified Database


Exploitation Summary

EIP tracks 1 public exploit for CVE-2003-0848. PoCs published by Patrik Hornik.

AI-analyzed exploit summary: This exploit targets a local off-by-one heap overflow in slocate (CVE-2003-0848) to achieve privilege escalation. It crafts a malicious database file to overwrite critical memory addresses and execute arbitrary shellcode.

Description

Heap-based buffer overflow in main.c of slocate 2.6, and possibly other versions, may allow local users to gain privileges via a modified slocate database that causes a negative "pathlen" value to be used.

Exploits (1)

exploitdb · WORKING POC · VERIFIED
by Patrik Hornik · c · local · linux
https://www.exploit-db.com/exploits/23228


Classification: Working PoC 90%
Attack Type: LPE
Complexity: Complex
Reliability: Theoretical
Target: slocate (version not specified)
No auth needed
Prerequisites: Local access to the target system · Ability to write a malicious database file
devstral-2 · analyzed Feb 16, 2026

References (23)

Core References
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2004-040.html
Various Sources x_refsource_misc
http://www.ebitech.sk/patrik/SA/SA-20031006.txt
Patch, Vendor Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2004/dsa-428
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=106589631819348&w=2
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/10683
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/9962/
Vendor Advisory vendor-advisory x_refsource_fedora
http://www.redhat.com/archives/fedora-announce-list/2004-January/msg00009.html
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11033
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/10670
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=106546447321274&w=2
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/10698
Vendor Advisory vendor-advisory x_refsource_trustix
http://www.trustix.org/errata/misc/2004/TSL-2004-0005-slocate.asc.txt
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A821
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/10702
Vendor Advisory vendor-advisory x_refsource_sgi
ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc
Vendor Advisory vendor-advisory x_refsource_sgi
ftp://patches.sgi.com/support/free/security/advisories/20040201-01-U.asc
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2004-041.html
Various Sources x_refsource_misc
http://www.ebitech.sk/patrik/SA/SA-20031006-A.txt
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/10720
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/10686
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/10722
Vendor Advisory vendor-advisory x_refsource_mandrake
http://www.mandriva.com/security/advisories?name=MDKSA-2004:004

Scores

EPSS: 0.0094
EPSS Percentile: 56.5%

Details

Status: published
Products (6)
slocate/slocate 2.1
slocate/slocate 2.2
slocate/slocate 2.3
slocate/slocate 2.4
slocate/slocate 2.5
slocate/slocate 2.6
Published: Nov 17, 2003
Tracked Since: Feb 18, 2026