• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

slocate Local Buffer Overrun Vulnerability

Solution:
SGI has released an advisory 20040202-01-U to address this and other issues in SGI ProPack 2.4. Please see the referenced advisory for more information. Fixes are available below.

Turbolinux have released an advisory (TLSA-2004-6) and fixes to address this issue. Affected users are advised to apply the appropriate updates as soon as possible. Further information regarding obtaining and applying these updates can be found in the referenced advisory. Fixes are linked below.

Mandrake Linux has released Fixes and an Advisory.

Gentoo Linux has released an advisory. Users who have installed sys-apps/slocate are advised to upgrade to slocate-2.7 by issuing the following commands:

emerge sync
emerge -u slocate
emerge clean

SGI has released an advisory 20040201-01-U with a patch to address this and other issues. Please see the referenced advisory for more information.

Fedora has released advisory FLSA:1232 to address this issue in Red Hat Linux 7.2, 7.3, and 8.0.

Fixes available:


Turbolinux Turbolinux Desktop 10.0

• Turbolinux slocate-2.7-5.i586.rpm
  ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/upd ates/RPMS/slocate-2.7-5.i586.rpm

SGI ProPack 2.3

• SGI patch10050.tar.gz
  ftp://patches.sgi.com/support/free/security/patches/ProPack/2.3/patch1 0050.tar.gz

SGI ProPack 2.4

• SGI patch10044.tar.gz
  ftp://patches.sgi.com/support/free/security/patches/ProPack/2.4/patch1 0044.tar.gz

slocate slocate 2.5

• Mandrake slocate-2.7-1.1mdk.i586.rpm
  Mandrake Linux 8.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake slocate-2.7-1.1mdk.i586.rpm
  Mandrake Linux 8.1
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake slocate-2.7-1.1mdk.ia64.rpm
  Mandrake Linux 8.1/IA64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake slocate-2.7-1.1mdk.ppc.rpm
  Mandrake Linux 8.0/PPC
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake slocate-2.7-1.1mdk.src.rpm
  Mandrake Linux 8.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake slocate-2.7-1.1mdk.src.rpm
  Mandrake Linux 8.0/PPC
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake slocate-2.7-1.1mdk.src.rpm
  Mandrake Linux 8.1
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake slocate-2.7-1.1mdk.src.rpm
  Mandrake Linux 8.1/IA64
  http://www.mandrakesecure.net/en/ftp.php

slocate slocate 2.6

• Conectiva slocate-2.7-1U60_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/6.0/RPMS/slocate-2.7-1U60_1cl.i386 .rpm


• Conectiva slocate-2.7-1U70_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/7.0/RPMS/slocate-2.7-1U70_1cl.i386 .rpm


• Conectiva slocate-2.7-1U80_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/8/RPMS/slocate-2.7-1U80_1cl.i386.r pm


• Debian slocate_2.6-1.3.1.woody_alpha.deb
  Debian GNU/Linux 3.0 alias woody.
  http://security.debian.org/pool/updates/main/s/slocate/slocate_2.6-1.3 .1_alpha.deb


• Debian slocate_2.6-1.3.1.woody_arm.deb
  Debian GNU/Linux 3.0 alias woody.
  http://security.debian.org/pool/updates/main/s/slocate/slocate_2.6-1.3 .1_arm.deb


• Debian slocate_2.6-1.3.1.woody_hppa.deb
  Debian GNU/Linux 3.0 alias woody.
  http://security.debian.org/pool/updates/main/s/slocate/slocate_2.6-1.3 .1_hppa.deb


• Debian slocate_2.6-1.3.1.woody_i386.deb
  Debian GNU/Linux 3.0 alias woody.
  http://security.debian.org/pool/updates/main/s/slocate/slocate_2.6-1.3 .1_i386.deb


• Debian slocate_2.6-1.3.1.woody_ia64.deb
  Debian GNU/Linux 3.0 alias woody.
  http://security.debian.org/pool/updates/main/s/slocate/slocate_2.6-1.3 .1_ia64.deb


• Debian slocate_2.6-1.3.1.woody_m68k.deb
  Debian GNU/Linux 3.0 alias woody.
  http://security.debian.org/pool/updates/main/s/slocate/slocate_2.6-1.3 .1_m68k.deb


• Debian slocate_2.6-1.3.1.woody_mips.deb
  Debian GNU/Linux 3.0 alias woody.
  http://security.debian.org/pool/updates/main/s/slocate/slocate_2.6-1.3 .1_mips.deb


• Debian slocate_2.6-1.3.1.woody_mipsel.deb
  Debian GNU/Linux 3.0 alias woody.
  http://security.debian.org/pool/updates/main/s/slocate/slocate_2.6-1.3 .1_mipsel.deb


• Debian slocate_2.6-1.3.1.woody_powerpc.deb
  Debian GNU/Linux 3.0 alias woody.
  http://security.debian.org/pool/updates/main/s/slocate/slocate_2.6-1.3 .1_powerpc.deb


• Debian slocate_2.6-1.3.1.woody_s390.deb
  Debian GNU/Linux 3.0 alias woody.
  http://security.debian.org/pool/updates/main/s/slocate/slocate_2.6-1.3 .1_s390.deb


• Debian slocate_2.6-1.3.1.woody_sparc.deb
  Debian GNU/Linux 3.0 alias woody.
  http://security.debian.org/pool/updates/main/s/slocate/slocate_2.6-1.3 .1_sparc.deb


• Fedora slocate-2.7-1.7.2.legacy.i386.rpm
  http://download.fedoralegacy.org/redhat/7.2/updates/i386/slocate-2.7-1 .7.2.legacy.i386.rpm


• Fedora slocate-2.7-1.7.3.legacy.i386.rpm
  http://download.fedoralegacy.org/redhat/7.3/updates/i386/slocate-2.7-1 .7.3.legacy.i386.rpm


• Fedora slocate-2.7-1.8.0.legacy.i386.rpm
  http://download.fedoralegacy.org/redhat/8.0/updates/i386/slocate-2.7-1 .8.0.legacy.i386.rpm


• Mandrake slocate-2.7-1.1mdk.i586.rpm
  Mandrake Linux 8.2
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake slocate-2.7-1.1mdk.ppc.rpm
  Mandrake Linux 8.2/PPC
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake slocate-2.7-1.1mdk.src.rpm
  Mandrake Linux 8.2
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake slocate-2.7-1.1mdk.src.rpm
  Mandrake Linux 8.2/PPC
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake slocate-2.7-1.2mdk.i586.rpm
  Mandrake Linux 9.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake slocate-2.7-1.2mdk.src.rpm
  Mandrake Linux 9.0
  http://www.mandrakesecure.net/en/ftp.php


• SCO slocate-2.6-3.i386.rpm
  ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-009.0/R PMS/slocate-2.6-3.i386.rpm


• SCO slocate-2.6-3.i386.rpm
  ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2003-00 9.0/RPMS/slocate-2.6-3.i386.rpm


• SCO slocate-2.6-3.i386.rpm
  ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2003-009.0/RPM S/slocate-2.6-3.i386.rpm


• SCO slocate-2.6-3.i386.rpm
  ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2003-009. 0/RPMS/slocate-2.6-3.i386.rpm


• slocate slocate-2.7.tar.gz
  ftp://ftp.geekreview.com/slocate/src/slocate-2.7.tar.gz

Turbolinux Turbolinux Advanced Server 6.0

• Turbolinux slocate-2.7-5.i386.rpm
  ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/AdvancedServer /6/ja/updates/RPMS/slocate-2.7-5.i386.rpm

Turbolinux Turbolinux Workstation 6.0

• Turbolinux slocate-2.7-5.i386.rpm
  ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/6. 0/ja/updates/RPMS/slocate-2.7-5.i386.rpm

Turbolinux Turbolinux Server 6.1

• Turbolinux slocate-2.7-5.i386.rpm
  ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.1/ja/ updates/RPMS/slocate-2.7-5.i386.rpm

Turbolinux Turbolinux Server 6.5

• Turbolinux slocate-2.7-5.i386.rpm
  ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/6.5/upd ates/RPMS/slocate-2.7-5.i386.rpm

Turbolinux Turbolinux Workstation 7.0

• Turbolinux slocate-2.7-5.i586.rpm
  ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/7/ updates/RPMS/slocate-2.7-5.i586.rpm

Turbolinux Turbolinux Server 7.0

• Turbolinux slocate-2.7-5.i586.rpm
  ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/7/updat es/RPMS/slocate-2.7-5.i586.rpm

Turbolinux Turbolinux Server 8.0

• Turbolinux slocate-2.7-5.i586.rpm
  ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Server/8/updat es/RPMS/slocate-2.7-5.i586.rpm

Turbolinux Turbolinux Workstation 8.0

• Turbolinux slocate-2.7-5.i586.rpm
  ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Workstation/8/ updates/RPMS/slocate-2.7-5.i586.rpm