Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » [CSSA-2003-009.0] Linux: slocate command line buffer overflows

[CSSA-2003-009.0] Linux: slocate command line buffer overflows

by Nikola Strahija on March 7th, 2003 The slocate command suffers from two command line buffer overflows.


Subject: Linux: slocate command line buffer overflows
Advisory number: CSSA-2003-009.0
Issue date: 2003 March 06
Cross reference:
______________________________________________________________________________


1. Problem Description

The slocate command suffers from two command line buffer
overflows.


2. Vulnerable Supported Versions

System Package
----------------------------------------------------------------------

OpenLinux 3.1.1 Server prior to slocate-2.6-3.i386.rpm

OpenLinux 3.1.1 Workstation prior to slocate-2.6-3.i386.rpm

OpenLinux 3.1 Server prior to slocate-2.6-3.i386.rpm

OpenLinux 3.1 Workstation prior to slocate-2.6-3.i386.rpm


3. Solution

The proper solution is to install the latest packages. Many
customers find it easier to use the Caldera System Updater, called
cupdate (or kcupdate under the KDE environment), to update these
packages rather than downloading and installing them by hand.


4. OpenLinux 3.1.1 Server

4.1 Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-009.0/RPMS

4.2 Packages

d357c2ee6bd94601dc6be091ddf8082e slocate-2.6-3.i386.rpm

4.3 Installation

rpm -Fvh slocate-2.6-3.i386.rpm

4.4 Source Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-009.0/SRPMS

4.5 Source Packages

7125d9ef9ec4c3285112fbfabf239a5f slocate-2.6-3.src.rpm


5. OpenLinux 3.1.1 Workstation

5.1 Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2003-009.0/RPMS

5.2 Packages

685e16e765ceaed906a59e65860848b2 slocate-2.6-3.i386.rpm

5.3 Installation

rpm -Fvh slocate-2.6-3.i386.rpm

5.4 Source Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2003-009.0/SRPMS

5.5 Source Packages

4f513aebf7046701c41eee72f8e15c2a slocate-2.6-3.src.rpm


6. OpenLinux 3.1 Server

6.1 Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2003-009.0/RPMS

6.2 Packages

ce609a2df9f795106913c60a86c30427 slocate-2.6-3.i386.rpm

6.3 Installation

rpm -Fvh slocate-2.6-3.i386.rpm

6.4 Source Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Server/CSSA-2003-009.0/SRPMS

6.5 Source Packages

6e0da763e91bf91362d2521ef471c457 slocate-2.6-3.src.rpm


7. OpenLinux 3.1 Workstation

7.1 Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2003-009.0/RPMS

7.2 Packages

239f88e2ba4d1db53cd49e8ab5d22b28 slocate-2.6-3.i386.rpm

7.3 Installation

rpm -Fvh slocate-2.6-3.i386.rpm

7.4 Source Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1/Workstation/CSSA-2003-009.0/SRPMS

7.5 Source Packages

1bd5b95650c530fbe48d58d7bdc2dd8d slocate-2.6-3.src.rpm


8. References

Specific references for this advisory:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0056

SCO security resources:

http://www.sco.com/support/security/index.html

This security fix closes SCO incidents sr873878, fz527219,
erg712211, erg712226.


9. Disclaimer

SCO is not responsible for the misuse of any of the information
we provide on this website and/or through our security
advisories. Our advisories are a service to our customers intended
to promote secure installation and use of SCO products.


10. Acknowledgements

Knight420 and Gregory Duchemin discovered
and investigated these vulnerabilities.


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »