Executive Summary

Summary
Title New slocate packages fix buffer overflow
Informations
Name DSA-428 First vendor Publication 2004-01-20
Vendor Debian Last vendor Modification 2004-01-20
Severity (Vendor) N/A Revision 1

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score 4.6 Attack Range Local
Cvss Impact Score 6.4 Attack Complexity Low
Cvss Expoit Score 3.9 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

A vulnerability was discovered in slocate, a program to index and search for files, whereby a specially crafted database could overflow a heap-based buffer. This vulnerability could be exploited by a local attacker to gain the privileges of the "slocate" group, which can access the global database containing a list of pathnames of all files on the system, including those which should only be visible to privileged users.

This problem, and a category of potential similar problems, have been fixed by modifying slocate to drop privileges before reading a user-supplied database.

For the current stable distribution (woody) this problem has been fixed in version 2.6-1.3.2.

For the unstable distribution (sid) this problem will be fixed soon. Refer to Debian bug #226103 for status information.

We recommend that you update your slocate package.

Original Source

Url : http://www.debian.org/security/2004/dsa-428

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:11033
 
Oval ID: oval:org.mitre.oval:def:11033
Title: Heap-based buffer overflow in main.c of slocate 2.6, and possibly other versions, may allow local users to gain privileges via a modified slocate database that causes a negative "pathlen" value to be used.
Description: Heap-based buffer overflow in main.c of slocate 2.6, and possibly other versions, may allow local users to gain privileges via a modified slocate database that causes a negative "pathlen" value to be used.
Family: unix Class: vulnerability
Reference(s): CVE-2003-0848
 Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:821
 
Oval ID: oval:org.mitre.oval:def:821
Title: slocate Privilege Escalation Vulnerability
Description: Heap-based buffer overflow in main.c of slocate 2.6, and possibly other versions, may allow local users to gain privileges via a modified slocate database that causes a negative "pathlen" value to be used.
Family: unix Class: vulnerability
Reference(s): CVE-2003-0848
 Version: 2
Platform(s): Red Hat Linux 9
 Product(s): slocate
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 6

OpenVAS Exploits

Date Description
2008-01-17 Name : Debian Security Advisory DSA 428-1 (slocate)
File : nvt/deb_428_1.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
6200 slocate Negative pathlen Database Modification Overflow

Nessus® Vulnerability Scanner

Date Description
2004-09-29 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-428.nasl - Type : ACT_GATHER_INFO
2004-07-31 Name : The remote Mandrake Linux host is missing a security update.
File : mandrake_MDKSA-2004-004.nasl - Type : ACT_GATHER_INFO
2004-07-23 Name : The remote Fedora Core host is missing a security update.
File : fedora_2004-059.nasl - Type : ACT_GATHER_INFO
2004-07-06 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2004-041.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2014-02-17 11:33:02
  • Multiple Updates