- Home
- CVEs with nessus.description==Updated slocate packages are now available that fix vulnerabilities allowing a local user to gain 'slocate' group privileges.
Slocate is a security-enhanced version of locate, designed to find files on a system via a central database.
Patrik Hornik discovered a vulnerability in Slocate versions up to and including 2.7 where a carefully crafted database could overflow a heap-based buffer. A local user could exploit this vulnerability to gain 'slocate' group privileges and then read the entire slocate database. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2003-0848 to this issue.
Users of Slocate should upgrade to these erratum packages, which contain Slocate version 2.7 with the addition of a patch from Kevin Lindsay that causes slocate to drop privileges before reading a user-supplied database.
For Red Hat Enterprise Linux 2.1 these packages also fix a buffer overflow that affected unpatched versions of Slocate prior to 2.7.
This vulnerability could also allow a local user to gain 'slocate' group privileges. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2003-0056 to this issue.
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top