Debian Security Advisory
DSA-005-1 slocate -- local exploit
- Date Reported: 17 Dec 2000
- Affected Packages: slocate
- Vulnerable: Yes
- Security database references: In Mitre's CVE dictionary: CVE-2001-0066.
- More information:
  Michel Kaempf reported on bugtraq a security problem in slocate (a
  secure version of locate, a tool to quickly locate files on a filesystem),
  which was originally discovered by zorgon. He discovered there was a
  bug in the database reading code which made it overwrite an internal structure
  with some input. He then showed this could be exploited to trick slocate into
  executing arbitrary code by pointing it to a carefully crafted database.

  This has been fixed in version 2.4-2potato1, and we recommend that you upgrade your slocate package immediately.
- Fixed in: Debian 2.2 (potato)
- Source:
  http://security.debian.org/dists/stable/updates/main/source/slocate_2.4-2potato1.diff.gz
  http://security.debian.org/dists/stable/updates/main/source/slocate_2.4-2potato1.dsc
  http://security.debian.org/dists/stable/updates/main/source/slocate_2.4.orig.tar.gz
- alpha:
  http://security.debian.org/dists/stable/updates/main/binary-alpha/slocate_2.4-2potato1_alpha.deb
- arm:
  http://security.debian.org/dists/stable/updates/main/binary-arm/slocate_2.4-2potato1_arm.deb
- i386:
  http://security.debian.org/dists/stable/updates/main/binary-i386/slocate_2.4-2potato1_i386.deb
- m68k:
  http://security.debian.org/dists/stable/updates/main/binary-m68k/slocate_2.4-2potato1_m68k.deb
- powerpc:
  http://security.debian.org/dists/stable/updates/main/binary-powerpc/slocate_2.4-2potato1_powerpc.deb
- sparc:
  http://security.debian.org/dists/stable/updates/main/binary-sparc/slocate_2.4-2potato1_sparc.deb