ID CVE-2003-0848
Summary Heap-based buffer overflow in main.c of slocate 2.6, and possibly other versions, may allow local users to gain privileges via a modified slocate database that causes a negative "pathlen" value to be used.
References
Vulnerable Configurations
  • cpe:2.3:a:slocate:slocate:2.1
  • cpe:2.3:a:slocate:slocate:2.2
  • cpe:2.3:a:slocate:slocate:2.3
  • cpe:2.3:a:slocate:slocate:2.4
  • cpe:2.3:a:slocate:slocate:2.5
  • cpe:2.3:a:slocate:slocate:2.6
CVSS
Base: 4.6 (as of 01-01-2004 - 00:00)
Impact:
Exploitability:
Access
  Vector: LOCAL    Complexity: LOW    Authentication: NONE
Impact
  Confidentiality: PARTIAL    Integrity: PARTIAL    Availability: PARTIAL
exploit-db via4
description SLocate 2.6 User-Supplied Database Heap Overflow Vulnerability. CVE-2003-0848. Local exploit for linux platform
id EDB-ID:23228
last seen 2016-02-02
modified 2003-10-06
published 2003-10-06
reporter Patrik Hornik
source https://www.exploit-db.com/download/23228/
title SLocate 2.6 User-Supplied Database Heap Overflow Vulnerability
nessus via4
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-428.NASL
    description A vulnerability was discovered in slocate, a program to index and search for files, whereby a specially crafted database could overflow a heap-based buffer. This vulnerability could be exploited by a local attacker to gain the privileges of the 'slocate' group, which can access the global database containing a list of pathnames of all files on the system, including those which should only be visible to privileged users. This problem, and a category of potential similar problems, have been fixed by modifying slocate to drop privileges before reading a user-supplied database.
    last seen 2019-02-21
    modified 2018-07-20
    plugin id 15265
    published 2004-09-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=15265
    title Debian DSA-428-1 : slocate - buffer overflow
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2004-041.NASL
    description Updated slocate packages are now available that fix vulnerabilities allowing a local user to gain 'slocate' group privileges. Slocate is a security-enhanced version of locate, designed to find files on a system via a central database. Patrik Hornik discovered a vulnerability in Slocate versions up to and including 2.7 where a carefully crafted database could overflow a heap-based buffer. A local user could exploit this vulnerability to gain 'slocate' group privileges and then read the entire slocate database. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2003-0848 to this issue. Users of Slocate should upgrade to these erratum packages, which contain Slocate version 2.7 with the addition of a patch from Kevin Lindsay that causes slocate to drop privileges before reading a user-supplied database. For Red Hat Enterprise Linux 2.1 these packages also fix a buffer overflow that affected unpatched versions of Slocate prior to 2.7. This vulnerability could also allow a local user to gain 'slocate' group privileges. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2003-0056 to this issue.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 12457
    published 2004-07-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=12457
    title RHEL 2.1 / 3 : slocate (RHSA-2004:041)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2004-059.NASL
    description Patrik Hornik discovered a vulnerability in Slocate versions up to and including 2.7 where a carefully crafted database could overflow a heap-based buffer. A local user could exploit this vulnerability to gain 'slocate' group privileges and then read the entire slocate database. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2003-0848 to this issue. Users of Slocate should upgrade to these packages which contain a patch from Kevin Lindsay which causes slocate to drop privileges before reading a user-supplied database. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 13672
    published 2004-07-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=13672
    title Fedora Core 1 : slocate-2.7-4 (2004-059)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2004-004.NASL
    description A vulnerability was discovered by Patrik Hornik in slocate versions up to and including 2.7 where a carefully crafted database could overflow a heap-based buffer. This could be exploited by a local user to gain privileges of the 'slocate' group. The updated packages contain a patch from Kevin Lindsay that causes slocate to drop privileges before reading a user-supplied database.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 14104
    published 2004-07-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=14104
    title Mandrake Linux Security Advisory : slocate (MDKSA-2004:004)
oval via4
  • accepted 2013-04-29T04:10:55.131-04:00
    class vulnerability
    contributors
    • name Aharon Chernin
      organization SCAP.com, LLC
    • name Dragos Prisaca
      organization G2, Inc.
    definition_extensions
    • comment The operating system installed on the system is Red Hat Enterprise Linux 3
      oval oval:org.mitre.oval:def:11782
    • comment CentOS Linux 3.x
      oval oval:org.mitre.oval:def:16651
    description Heap-based buffer overflow in main.c of slocate 2.6, and possibly other versions, may allow local users to gain privileges via a modified slocate database that causes a negative "pathlen" value to be used.
    family unix
    id oval:org.mitre.oval:def:11033
    status accepted
    submitted 2010-07-09T03:56:16-04:00
    title Heap-based buffer overflow in main.c of slocate 2.6, and possibly other versions, may allow local users to gain privileges via a modified slocate database that causes a negative "pathlen" value to be used.
    version 23
  • accepted 2007-04-25T19:52:56.173-04:00
    class vulnerability
    contributors
    • name Jay Beale
      organization Bastille Linux
    • name Matt Busby
      organization The MITRE Corporation
    • name Thomas R. Jones
      organization Maitreya Security
    description Heap-based buffer overflow in main.c of slocate 2.6, and possibly other versions, may allow local users to gain privileges via a modified slocate database that causes a negative "pathlen" value to be used.
    family unix
    id oval:org.mitre.oval:def:821
    status accepted
    submitted 2004-03-20T12:00:00.000-04:00
    title slocate Privilege Escalation Vulnerability
    version 33
redhat via4
advisories
  • rhsa
    id RHSA-2004:040
  • rhsa
    id RHSA-2004:041
refmap via4
bugtraq
  • 20031006 SA-20031006 slocate vulnerability
  • 20031011 SA-20031006 slocate buffer overflow - exploitation proof
debian DSA-428
fedora FEDORA-2004-059
mandrake MDKSA-2004:004
misc
sco CSSA-2004-001.0
secunia
  • 10670
  • 10683
  • 10686
  • 10698
  • 10702
  • 10720
  • 10722
  • 9962
sgi
  • 20040201-01-U
  • 20040202-01-U
trustix 2004-0005
Last major update 17-10-2016 - 22:37
Published 17-11-2003 - 00:00
Last modified 10-10-2017 - 21:29