[linux-security] slocate bugs
- To: linux-security
- Subject: [linux-security] slocate bugs
- From: Martin Siegert <siegert@sfu.ca>
- Date: Wed, 20 Dec 2000 17:25:48 -0800
- User-Agent: Mutt/1.2i
Topic
=====
local exploit in slocate
Problem Description
===================
slocate (a secure version of locate, a tool to quickly locate files on
a filesystem) has a bug in its database reading code which makes it overwrite
an internal structure with some input. This can then be exploited
to trick slocate into executing arbitrary code by pointing it to a
carefully crafted database.
Affected Systems
================
Systems that have an slocate version < 2.4 installed
Solution
========
Upgrade to version 2.4:
RedHat 6.x
    rpm -Fvh slocate-2.4-0.6.x.i386.rpm
RedHat 7.0
    rpm -Fvh slocate-2.4-1.i386.rpm
Debian 2.2 (potato)
    upgrade to slocate_2.4-2potato1_i386.deb
Mandrake 6.x, 7.0, 7.1
    rpm -Fvh slocate-2.4-1.2mdk.i586.rpm
Mandrake 7.2
    rpm -Fvh slocate-2.4-1.1mdk.i586.rpm
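
Added example, not part of the original advisory: a shell check that reports whether the installed slocate package is older than the fixed version 2.4. The function names are hypothetical, and the package is assumed to be named "slocate", as in the file names above.

```shell
#!/bin/sh
# Added example (not from the advisory): is the installed slocate older than 2.4?
FIXED=2.4   # fixed upstream version named in the advisory

# upstream_version PKGVER: drop a Debian epoch ("1:") and the packaging
# release ("-1", "-2potato1", "-1.2mdk"), leaving the upstream version.
upstream_version() {
    v=${1#*:}
    printf '%s\n' "${v%%-*}"
}

# version_lt A B: succeed when dotted-numeric version A is older than B.
version_lt() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*} y=${b%%.*}
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        x=${x:-0} y=${y:-0}
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
    done
    return 1
}

# slocate_status PKGVER: print vulnerable, fixed or unknown.
slocate_status() {
    up=$(upstream_version "$1")
    case $up in
        ''|*[!0-9.]*) echo unknown; return 2 ;;
    esac
    if version_lt "$up" "$FIXED"; then echo vulnerable; else echo fixed; fi
}

# installed_slocate: print the installed package version via rpm or dpkg.
installed_slocate() {
    if command -v rpm >/dev/null 2>&1 && rpm -q slocate >/dev/null 2>&1; then
        rpm -q --qf '%{VERSION}-%{RELEASE}\n' slocate
    elif command -v dpkg-query >/dev/null 2>&1; then
        dpkg-query -W -f='${Version}\n' slocate 2>/dev/null
    fi
}

ver=$(installed_slocate || true)
if [ -n "$ver" ]; then
    echo "slocate $ver: $(slocate_status "$ver")"
else
    echo "slocate not found via rpm or dpkg-query"
fi
```

The check compares only the upstream version, so a distribution package that backports the fix under an older version number would still be reported as vulnerable.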