Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 543
Alerts This Week
Warning Icon 1 543

Debian 2.2 Potato DSA-005-1 Critical Slocate Local Exploit Advisory

debian
Calendar Grey December 16, 2000
Debian Logo
Ubuntu Security Notice USN-1234-1 exposes a vulnerability in locate that could be exploited by local users, making upgrades essential to prevent unauthorized command execution
Michel Kaempf reported a security problem in slocate on bugtraqwhich was originally discovered by zorgon.

Summary

Package : slocate
Problem type : local exploit
Debian-specific: no

Michel Kaempf reported a security problem in slocate (a secure version
of locate, a tool to quickly locate files on a filesystem) on bugtraq
which was originally discovered by zorgon. He discovered there was
a bug in the database reading code which made it overwrite a internal
structure with some input. He then showed this could be exploited
to trick slocate into executing arbitrary code by pointing it to a
carefully crafted database.

This has been fixed in version 2.4-2potato1 and we recommend that you
upgrade your slocate package immediately.

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.


Debian GNU/Linux 2.2 alias potato

Potato was released for alpha, arm, i386, m68k, powerpc and sparc.

Source archives:

MD5 checksum: 9d15a0e95b501427f697e9031d8e62e8

MD5 checksum: 7effe675baba70e3b30ce41e9d231835

MD5 checksum: 185520e64e7b194b6d448...

Read the Full Advisory

Severity
critical
Lowest
Low
Medium
High
Critical

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.