Executive Summary
| Summary | |
|---|---|
| Title | slocate vulnerability |
| Informations | |||
|---|---|---|---|
| Name | USN-425-1 | First vendor Publication | 2007-02-22 |
| Vendor | Ubuntu | Last vendor Modification | 2007-02-22 |
| Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:P/I:N/A:N) | |||
|---|---|---|---|
| Cvss Base Score | 5 | Attack Range | Network |
| Cvss Impact Score | 2.9 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 6.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: Ubuntu 6.10: In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: A flaw was discovered in the permission checking code of slocate. When reporting matching files, locate would not correctly respect the parent directory's "read" bits. This could result in filenames being displayed when the file owner had expected them to remain hidden from other system users. |
Original Source
| Url : http://www.ubuntu.com/usn/USN-425-1 |
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Application | 1 |
OpenVAS Exploits
| Date | Description |
|---|---|
| 2012-09-10 | Name : Slackware Advisory SSA:2012-244-05 slocate File : nvt/esoft_slk_ssa_2012_244_05.nasl |
| 2009-03-23 | Name : Ubuntu Update for slocate vulnerability USN-425-1 File : nvt/gb_ubuntu_USN_425_1.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 33465 | slocate Protected Directory File Name Disclosure |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2015-01-19 | Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_slocate_20140415.nasl - Type : ACT_GATHER_INFO |
| 2012-09-04 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2012-244-05.nasl - Type : ACT_GATHER_INFO |
| 2007-11-10 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-425-1.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 12:04:11 |
|
