7.2 - RHSA-2004:041

Executive Summary

Summary
Title	Updated slocate packages fix vulnerabilities

Informations
Name	RHSA-2004:041	First vendor Publication	2004-01-21
Vendor	RedHat	Last vendor Modification	2004-01-21
Severity (Vendor)	N/A	Revision	01

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score	7.2	Attack Range	Local
Cvss Impact Score	10	Attack Complexity	Low
Cvss Expoit Score	3.9	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Problem Description:

Original Source

Url : https://rhn.redhat.com/errata/RHSA-2004-041.html

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:11033

Oval ID:	oval:org.mitre.oval:def:11033
Title:	Heap-based buffer overflow in main.c of slocate 2.6, and possibly other versions, may allow local users to gain privileges via a modified slocate database that causes a negative "pathlen" value to be used.
Description:	Heap-based buffer overflow in main.c of slocate 2.6, and possibly other versions, may allow local users to gain privileges via a modified slocate database that causes a negative "pathlen" value to be used.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2003-0848	Version:	5
Platform(s):	Red Hat Enterprise Linux 3 CentOS Linux 3	Product(s):
Definition Synopsis:
RHEL3 or CentOS3 The operating system installed on the system is Red Hat Enterprise Linux 3 AND CentOS Linux 3.x AND slocate is earlier than 0:2.7-3

Definition Id: oval:org.mitre.oval:def:11369

Oval ID:	oval:org.mitre.oval:def:11369
Title:	Buffer overflow in secure locate (slocate) before 2.7 allows local users to execute arbitrary code via a long (1) -c or (2) -r command line argument.
Description:	Buffer overflow in secure locate (slocate) before 2.7 allows local users to execute arbitrary code via a long (1) -c or (2) -r command line argument.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2003-0056	Version:	5
Platform(s):	Red Hat Enterprise Linux 3 CentOS Linux 3	Product(s):
Definition Synopsis:
RHEL3 or CentOS3 The operating system installed on the system is Red Hat Enterprise Linux 3 AND CentOS Linux 3.x AND slocate is earlier than 0:2.7-3

Definition Id: oval:org.mitre.oval:def:821

Oval ID:	oval:org.mitre.oval:def:821
Title:	slocate Privilege Escalation Vulnerability
Description:	Heap-based buffer overflow in main.c of slocate 2.6, and possibly other versions, may allow local users to gain privileges via a modified slocate database that causes a negative "pathlen" value to be used.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2003-0848	Version:	2
Platform(s):	Red Hat Linux 9	Product(s):	slocate
Definition Synopsis:
Software section Red Hat 9 is installed AND ix86 architecture AND slocate version is less than 2.7-2 AND Configuration section /usr/bin/slocate is setgid /usr/bin/slocate is setgid AND /usr/bin/slocate is setgid

CPE : Common Platform Enumeration

Type	Description	Count
Application	Slocate cpe:2.3:a:slocate:slocate:2.6:::::::* cpe:2.3:a:slocate:slocate:2.5:::::::* cpe:2.3:a:slocate:slocate:2.4:::::::* cpe:2.3:a:slocate:slocate:2.3:::::::* cpe:2.3:a:slocate:slocate:2.2:::::::* cpe:2.3:a:slocate:slocate:2.1:::::::*	6

OpenVAS Exploits

Date	Description
2008-01-17	Name : Debian Security Advisory DSA 252-1 (slocate) File : nvt/deb_252_1.nasl
2008-01-17	Name : Debian Security Advisory DSA 428-1 (slocate) File : nvt/deb_428_1.nasl

Open Source Vulnerability Database (OSVDB)

Id	Description
6200	slocate Negative pathlen Database Modification Overflow
6198	slocate -c and -r Argument Command Line Overflow A local overflow exists in slocate. The slocate fails to validate the -c and -r parameters. By sending long (1024+ bytes string) -c or -r command line arguments, a local attacker can overflow the buffer and execute arbitrary code, resulting in a loss of integrity.

Nessus® Vulnerability Scanner

Date	Description
2004-09-29	Name : The remote Debian host is missing a security-related update. File : debian_DSA-252.nasl - Type : ACT_GATHER_INFO
2004-09-29	Name : The remote Debian host is missing a security-related update. File : debian_DSA-428.nasl - Type : ACT_GATHER_INFO
2004-07-31	Name : The remote Mandrake Linux host is missing a security update. File : mandrake_MDKSA-2003-015.nasl - Type : ACT_GATHER_INFO
2004-07-31	Name : The remote Mandrake Linux host is missing a security update. File : mandrake_MDKSA-2004-004.nasl - Type : ACT_GATHER_INFO
2004-07-23	Name : The remote Fedora Core host is missing a security update. File : fedora_2004-059.nasl - Type : ACT_GATHER_INFO
2004-07-06	Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2004-041.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.

Date	Informations
2014-02-17 11:48:21	Multiple Updates

Global Informations

Type	Count
Oval ID(s)	3
CPE ID(s)	6
osvdb(s)	2
Openvas Exploit(s)	2
Nessus® Exploit(s)	6

	Related
7.2	CVE-2003-0056
4.6	CVE-2003-0848
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 2 more Alert(s)

Copyright Security-Database 2006-2025 - Powered by themself ;) in 0.0400s

Facebook rss twitter linkedin mail