BugTraq
[USG- SA- 2003.001] USG Security Advisory (slocate) Jan 24 2003 03:27PM
inkubus hushmail com (1 replies)
Re: [USG- SA- 2003.001] USG Security Advisory (slocate) Jan 25 2003 05:42AM
Kevin Lindsay (klindsay mkintraweb com)
All fixed, I don't have a specific patch, other changes were incorporated
into this version (2.7).

ftp://ftp.geekreview.com/slocate/src/slocate-2.7.tar.gz

Let me know if anything funky happens.

Kevin-

On Fri, Jan 24, 2003 at 07:27:27AM -0800, inkubus (at) hushmail (dot) com [email concealed] wrote:

>
> -----BEGIN PGP SIGNED MESSAGE-----
>
> __________________________________________________
>
> USG Security Advisory
> http://www.usg.org.uk/advisories/2003.001.txt
> inkubus (at) hushmail (dot) com [email concealed]
> USG- SA- 2003.001 24- Jan- 2003
> __________________________________________________
>
> Package: slocate
> Vulnerability: local buffer overflow
> Type: local
> Risk: high, users can gain high privileges in the system.
> System tested: RedHat Linux 7.3 (Valhalla) with slocate-2.6-1 from RPM
> Credits: Knight420, Team TESO, Michal Zalewski, Aleph1, dvdman
>

---------------------------------------------------
Kevin Lindsay
Debian Developer
Fingerprint: 81E 58A3 B49A 580E EE3D 8CF0 519A 55F0 746C 51F4
Key Id: 746C51F4

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus