SLocate User-Supplied Database Heap Overflow Vulnerability

Bugtraq ID:	8780
Class:	Boundary Condition Error
CVE:	CVE-2003-0848
Remote:	No
Local:	Yes
Published:	Oct 06 2003 12:00AM
Updated:	Jul 11 2009 11:56PM
Credit:	Discovery credited to Patrik Hornik.
Vulnerable:	Turbolinux Turbolinux Workstation 8.0 Turbolinux Turbolinux Workstation 7.0 Turbolinux Turbolinux Workstation 6.0 Turbolinux Turbolinux Server 8.0 Turbolinux Turbolinux Server 7.0 Turbolinux Turbolinux Server 6.5 Turbolinux Turbolinux Server 6.1 Turbolinux Turbolinux Desktop 10.0 Turbolinux Turbolinux Advanced Server 6.0 Sun Cobalt RaQ XTR Sun Cobalt RaQ 4 Sun Cobalt Qube 3 slocate slocate 2.6 + Caldera OpenLinux Server 3.1.1 + Caldera OpenLinux Workstation 3.1.1 + Conectiva Linux 8.0 + Conectiva Linux 7.0 + Conectiva Linux 6.0 + Debian Linux 3.0 sparc + Debian Linux 3.0 s/390 + Debian Linux 3.0 ppc + Debian Linux 3.0 mipsel + Debian Linux 3.0 mips + Debian Linux 3.0 m68k + Debian Linux 3.0 ia-64 + Debian Linux 3.0 ia-32 + Debian Linux 3.0 hppa + Debian Linux 3.0 arm + Debian Linux 3.0 alpha + Gentoo Linux 1.4 _rc2 + Gentoo Linux 1.4 _rc1 + MandrakeSoft Corporate Server 2.1 x86_64 + MandrakeSoft Corporate Server 2.1 + Mandriva Linux Mandrake 9.2 amd64 + Mandriva Linux Mandrake 9.2 + Mandriva Linux Mandrake 9.1 ppc + Mandriva Linux Mandrake 9.1 + RedHat Linux 9.0 i386 + RedHat Linux 8.0 i386 + RedHat Linux 7.3 i386 + RedHat Linux 7.2 i386 + Trustix Secure Linux 2.0 + Trustix Secure Linux 1.5 slocate slocate 2.5 slocate slocate 2.4 slocate slocate 2.3 slocate slocate 2.2 slocate slocate 2.1 + Red Hat Linux 6.2 SGI ProPack 2.4 SGI ProPack 2.3

Not Vulnerable:	slocate slocate 2.7 + MandrakeSoft Corporate Server 3.0 x86_64 + MandrakeSoft Corporate Server 3.0 + MandrakeSoft Corporate Server 2.1 x86_64 + MandrakeSoft Corporate Server 2.1 + Mandriva Linux Mandrake 10.2 x86_64 + Mandriva Linux Mandrake 10.2 + Mandriva Linux Mandrake 10.1 x86_64 + Mandriva Linux Mandrake 10.1 + Mandriva Linux Mandrake 10.0 AMD64 + Mandriva Linux Mandrake 10.0