23 matches found
EUVD-2003-0321
Malware in sbrugna...
EUVD-2003-0839
Malware in sbrugna...
EUVD-2007-0229
Malware in sbrugna...
EUVD-2005-2500
Malware in sbrugna...
Ubuntu Update for slocate vulnerability USN-425-1
Ubuntu Update for Linux kernel vulnerabilities USN-425-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN4251.nasl 7969 2017-12-01 09:23:16Z santu $ Ubuntu Update for slocate vulnerability USN-425-1 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH,...
Ubuntu 6.06 LTS / 6.10 : slocate vulnerability (USN-425-1)
A flaw was discovered in the permission checking code of slocate. When reporting matching files, locate would not correctly respect the parent directory's 'read' bits. This could result in filenames being displayed when the file owner had expected them to remain hidden from other system users. No...
Code injection
slocate 3.1 does not properly manage database entries that specify names of files in protected directories, which allows local users to obtain the names of private files. NOTE: another researcher reports that the issue is not present in slocate 2.7...
CVE-2007-0227
slocate 3.1 does not properly manage database entries that specify names of files in protected directories, which allows local users to obtain the names of private files. NOTE: another researcher reports that the issue is not present in slocate 2.7...
[Full-disclosure] MDKSA-2005:147 - Updated slocate packages fix vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Update Advisory Package name: slocate Advisory ID: MDKSA-2005:147 Date: August 22nd, 2005 Affected versions: 10.0, 10.1, 10.2, Corporate 3.0, Corporate Server 2.1 Problem Description: A bug was discovered in the way that slocat...
Debian DSA-428-1 : slocate - buffer overflow
A vulnerability was discovered in slocate, a program to index and search for files, whereby a specially crafted database could overflow a heap-based buffer. This vulnerability could be exploited by a local attacker to gain the privileges of the 'slocate' group, which can access the global databas...
Debian DSA-252-1 : slocate - buffer overflow
A problem has been discovered in slocate, a secure locate replacement. A buffer overflow in the setgid program slocate can be used to execute arbitrary code as group slocate. This can be used to alter the slocate database. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text...
Mandrake Linux Security Advisory : slocate (MDKSA-2004:004)
A vulnerability was discovered by Patrik Hornik in slocate versions up to and including 2.7 where a carefully crafted database could overflow a heap-based buffer. This could be exploited by a local user to gain privileges of the 'slocate' group. The updated packages contain a patch from Kevin...
Fedora Core 1 : slocate-2.7-4 (2004-059)
Patrik Hornik discovered a vulnerability in Slocate versions up to and including 2.7 where a carefully crafted database could overflow a heap-based buffer. A local user could exploit this vulnerability to gain 'slocate' group privileges and then read the entire slocate database. The Common...
[SECURITY] [DSA 428-1] New slocate packages fix buffer overflow
-------------------------------------------------------------------------- Debian Security Advisory DSA 428-1 [email protected] http://www.debian.org/security/ Matt Zimmerman January 20th, 2004 http://www.debian.org/security/faq -...
DSA-428 slocate - buffer overflow
Bulletin has no description...
CVE-2003-0848
Heap-based buffer overflow in main.c of slocate 2.6, and possibly other versions, may allow local users to gain privileges via a modified slocate database that causes a negative "pathlen" value to be used...
SA-20031006 slocate buffer overflow - exploitation proof
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ====================================================================== Security advisory 20031006 - Appendix A proof of concept - ---------------------------------------------------------------------- Product: slocate Vulnerability type: buffer overfl...
SA-20031006 slocate vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ====================================================================== Security advisory 20031006 - ---------------------------------------------------------------------- Product: slocate Vulnerability type: buffer overflow corrupt heap Extended type:...
SLocate 2.6 - User-Supplied Database Heap Overflow
SLocate 2.6 - User-Supplied Database Heap Overflow // source: https://www.securityfocus.com/bid/8780/info It has been reported that a local off-by-one heap overflow exists in the handling of user-supplied databases by slocate. Because of this, an attacker may be able to gain elevated privileges...
CVE-2003-0326
Integer overflow in parsedecodepath of slocate may allow attackers to execute arbitrary code via a LOCATEPATH with a large number of ":" colon characters, whose count is used in a call to malloc...