Executive Summary
| Summary | |
|---|---|
| Title | slocate security update |
| Informations | |||
|---|---|---|---|
| Name | RHSA-2005:345 | First vendor Publication | 2005-09-28 |
| Vendor | RedHat | Last vendor Modification | 2005-09-28 |
| Severity (Vendor) | Low | Revision | 02 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:L/AC:L/Au:N/C:N/I:N/A:P) | |||
|---|---|---|---|
| Cvss Base Score | 2.1 | Attack Range | Local |
| Cvss Impact Score | 2.9 | Attack Complexity | Low |
| Cvss Expoit Score | 3.9 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Problem Description: An updated slocate package that fixes a denial of service and various bugs is now available. This update has been rated as having low security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Desktop version 3 - i386, x86_64 Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64 3. Problem description: Slocate is a security-enhanced version of locate. Like locate, slocate searches through a central database (updated nightly) for files that match a given pattern. Slocate allows you to quickly find files anywhere on your system. A bug was found in the way slocate scans the local filesystem. A carefully prepared directory structure could cause updatedb's file system scan to fail silently, resulting in an incomplete slocate database. The Common Vulnerabilities and Exposures project has assigned the name CAN-2005-2499 to this issue. Additionally this update addresses the following issues: - - Files with a size of 2 GB and larger were not entered into the slocate - - File system type exclusions were processed only when starting updatedb - - File system type exclusions were ignored for file systems that were - - Databases created by slocate were owned by the slocate group even if they Users of slocate are advised to upgrade to this updated package, which contains backported patches and is not affected by these issues. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command: up2date For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system: http://www.redhat.com/docs/manuals/enterprise/ 5. Bug IDs fixed (http://bugzilla.redhat.com/): 132571 - Files > 2 GB are not entered into slocate data base 139950 - slocate collects .automount files over nfs 169453 - CAN-2005-2499 slocate DOS |
Original Source
| Url : https://rhn.redhat.com/errata/RHSA-2005-345.html |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:9538 | |||
| Oval ID: | oval:org.mitre.oval:def:9538 | ||
| Title: | slocate before 2.7 does not properly process very long paths, which allows local users to cause a denial of service (updatedb exit and incomplete slocate database) via a certain crafted directory structure. | ||
| Description: | slocate before 2.7 does not properly process very long paths, which allows local users to cause a denial of service (updatedb exit and incomplete slocate database) via a certain crafted directory structure. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2005-2499 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
| Definition Synopsis: | |||
| |||
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Application | 6 |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 19034 | slocate Crafted Long Directory Structure DoS |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2006-07-05 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2005-346.nasl - Type : ACT_GATHER_INFO |
| 2006-07-03 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2005-345.nasl - Type : ACT_GATHER_INFO |
| 2005-10-11 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2005-346.nasl - Type : ACT_GATHER_INFO |
| 2005-10-05 | Name : The remote Mandrake Linux host is missing a security update. File : mandrake_MDKSA-2005-147.nasl - Type : ACT_GATHER_INFO |
| 2005-10-05 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2005-345.nasl - Type : ACT_GATHER_INFO |
| 2005-08-23 | Name : The remote Fedora Core host is missing a security update. File : fedora_2005-770.nasl - Type : ACT_GATHER_INFO |
| 2005-08-23 | Name : The remote Fedora Core host is missing a security update. File : fedora_2005-771.nasl - Type : ACT_GATHER_INFO |
| 2005-08-23 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2005-747.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 11:49:14 |
|
