slocate Local Buffer Overrun Vulnerability

Bugtraq ID:	6676
Class:	Boundary Condition Error
CVE:	CAN-2003-0056
Remote:	No
Local:	Yes
Published:	Jan 24 2003 12:00AM
Updated:	Jan 24 2003 12:00AM
Credit:	The discovery of this vulnerability has been credited to the USG team.
Vulnerable:	Turbolinux Turbolinux Workstation 8.0 Turbolinux Turbolinux Workstation 7.0 Turbolinux Turbolinux Workstation 6.0 Turbolinux Turbolinux Server 8.0 Turbolinux Turbolinux Server 7.0 Turbolinux Turbolinux Server 6.5 Turbolinux Turbolinux Server 6.1 Turbolinux Turbolinux Desktop 10.0 Turbolinux Turbolinux Advanced Server 6.0 slocate slocate 2.6 + Caldera OpenLinux Server 3.1.1 + Caldera OpenLinux Workstation 3.1.1 + Conectiva Linux 8.0 + Conectiva Linux 7.0 + Conectiva Linux 6.0 + Debian Linux 3.0 sparc + Debian Linux 3.0 s/390 + Debian Linux 3.0 ppc + Debian Linux 3.0 mipsel + Debian Linux 3.0 mips + Debian Linux 3.0 m68k + Debian Linux 3.0 ia-64 + Debian Linux 3.0 ia-32 + Debian Linux 3.0 hppa + Debian Linux 3.0 arm + Debian Linux 3.0 alpha + Gentoo Linux 1.4 _rc2 + Gentoo Linux 1.4 _rc1 + MandrakeSoft Corporate Server 2.1 x86_64 + MandrakeSoft Corporate Server 2.1 + MandrakeSoft Linux Mandrake 9.2 amd64 + MandrakeSoft Linux Mandrake 9.2 + MandrakeSoft Linux Mandrake 9.1 ppc + MandrakeSoft Linux Mandrake 9.1 + RedHat Linux 9.0 i386 + RedHat Linux 8.0 i386 + RedHat Linux 7.3 i386 + RedHat Linux 7.2 i386 + Trustix Secure Linux 2.0 + Trustix Secure Linux 1.5 slocate slocate 2.5 SGI ProPack 2.4 SGI ProPack 2.3

Not Vulnerable:	slocate slocate 2.7 + MandrakeSoft Corporate Server 3.0 x86_64 + MandrakeSoft Corporate Server 3.0 + MandrakeSoft Corporate Server 2.1 x86_64 + MandrakeSoft Corporate Server 2.1 + MandrakeSoft Linux Mandrake 10.2 x86_64 + MandrakeSoft Linux Mandrake 10.2 + MandrakeSoft Linux Mandrake 10.1 x86_64 + MandrakeSoft Linux Mandrake 10.1 + MandrakeSoft Linux Mandrake 10.0 AMD64 + MandrakeSoft Linux Mandrake 10.0 slocate slocate 2.1 + RedHat Linux 6.2