3 matches found
Mandrake Linux Security Advisory : slocate (MDKSA-2003:015)
A buffer overflow vulnerability was discovered in slocate by team USG. The overflow appears when slocate is used with the -c and -r parameters, using a 1024 or 10240 byte string. This has been corrected in slocate version 2.7. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive...
RHEL 2.1 / 3 : slocate (RHSA-2004:041)
Updated slocate packages are now available that fix vulnerabilities allowing a local user to gain 'slocate' group privileges. Slocate is a security-enhanced version of locate, designed to find files on a system via a central database. Patrik Hornik discovered a vulnerability in Slocate versions u...
CVE-2003-0056
CVE-2003-0056 concerns slocate, a secure locate replacement. A buffer overflow in the setuid/write path of slocate can be triggered by long -c or -r arguments, enabling a local user to execute arbitrary code. Vulnerable in slocate up to version 2.7; the issue is mitigated by upgrading to 2.7 with...