Users login

Create an account »


Users login

Home » Hacking News » TurboLinux Advisory #TLSA2001002-1 (slocate-2.3-1)

TurboLinux Advisory #TLSA2001002-1 (slocate-2.3-1)

by Phiber on February 9th, 2001 There is a heap-corruption vulnerability existing in slocate. It can compromise slocate's ability to maintain an index of the entire file- system as well as its ability to read user-specified databases...

Secure Locate maintains an index of the entire filesystem, including
files only visible by root. The slocate binary is setgid "slocate"
so it can read this index. The heap-corruption vulnerability may com-
promise disclosure of these files if exploited.

When running slocate, users are able to specify a database of their own
as a commandline parameter. A subtle vulnerability exists in slocate's
reading of these user-supplied databases that may allow a local user to
execute arbitrary code with effective gid slocate.

Quick fix available in advisory file, so download it!

Download this advisory


Visit TurboLinux

Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.


Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »