slocate heap buffer overflow

slocate-heap-bo (13354)

High Risk

Description:

Secure Locate (slocate), when running on Red Hat Linux distributions, is vulnerable to a heap-based buffer overflow. A local attacker could exploit this vulnerability to overflow a buffer and execute arbitrary code on the system and possibly gain slocate group privileges.

Consequences:

Gain Privileges

Remedy:

Upgrade to the latest version of slocate (2.7 or later), available from the slocate Web page. See References.

For Debian GNU/Linux 3.0 (alias woody):
Upgrade to the latest slocate package (2.6-1.3.2 or later), as listed in DSA 428-1. See References.

For Trustix Secure Linux 1.5 and 2.0:
Upgrade to the latest slocate package (2.7-1tr or later), as listed in Trustix Secure Linux Security Advisory #2004-0005. See References.

For Red Hat Linux 9:
Upgrade to the lastest slocate package (2.7-2 or later), as listed in RHSA-2004:040-02. See References.

For Mandrake Linux:
Upgrade to the latest slocate package, as listed below. Refer to MandrakeSoft Security Advisory MDKSA-2004:004 : slocate for more information. See References.

Mandrake Linux 9.1: 2.7-2.1.91mdk or later
Mandrake Linux 9.2: 2.7-2.1.92mdk or later
Mandrake Linux Corporate Server 2.1: 2.7-2.1.C21mdk or later

For Fedora Core:
Upgrade to the latest slocate package, as listed below. Refer to Fedora Security Update Notification FEDORA-20043-059 for more information. See References.

Fedora Core 4: 2.7-4 or later

For Red Hat Linux:
Upgrade to the latest slocate package, as listed below. Refer to RHSA-2004:041-06 for more information. See References.

Red Hat Enterprise Linux AS (v. 2.1), ES (v. 2.1), WS (v. 2.1), and Advanced Workstation for the Itanium Processor: 2.7-1 or later
Red Hat Enterprise Linux AS (v. 3), ES (v. 3), and WS (v. 3): 2.7-3 or later

For Caldera OpenLinux 3.1.1 Server and Workstation:
Upgrade to the latest slocate package, as listed below. Refer to SCO Security Advisory CSSA-2004-001.0 for more information. See References.

Caldera OpenLinux 3.1.1 Server and Workstation: 2.7-1 or later

For Turbolinux:
Upgrade to the latest slocate package (2.7-5 or later), as listed in Turbolinux Security Advisory TLSA-2004-6. See References.

For other distributions:
Contact your vendor for upgrade or patch information.

References:

• BugTraq Mailing List, Mon Oct 06 2003 - 13:10:47 CDT: SA-20031006 slocate vulnerability.
• DSA 428-1: slocate.
• Fedora Security Update Notification FEDORA-2004-059: slocate.
• SCO Security Advisory CSSA-2004-001.0: OpenLinux: slocate local user buffer overflow.
• SecuriTeam Mailing List, UNIX focus 13 Oct 2003: slocate Buffer Overflow (-i, -d, Exploit).
• slocate Web site: Secure Locate.
• Trustix Secure Linux Security Advisory #2004-0005: slocate. (From LinuxSecurity archive)
• BID-8780: SLocate User-Supplied Database Heap Overflow Vulnerability
• BID-8790: LTrace Local Command Line Parameter Heap Overflow Vulnerability
• CVE-2003-0848: Heap-based buffer overflow in main.c of slocate 2.6, and possibly other versions, may allow local users to gain privileges via a modified slocate database that causes a negative pathlen value to be used.
• DSA-428: slocate -- buffer overflow
• MDKSA-2004:004: Updated slocate packages fix vulnerability
• RHSA-2004-040: Updated slocate packages fix vulnerability
• RHSA-2004-041: slocate security update
• SA9962: slocate User Database Privilege Escalation Vulnerability

Platforms Affected:

• Debian Debian Linux 3.0
• FedoraProject Fedora Core 4
• Kevin Lindsay slocate 2.6
• MandrakeSoft Mandrake Linux 9.1 PPC
• MandrakeSoft Mandrake Linux 9.1
• MandrakeSoft Mandrake Linux 9.2 AMD64
• MandrakeSoft Mandrake Linux 9.2
• MandrakeSoft Mandrake Linux Corporate Server 2.1 X86_64
• MandrakeSoft Mandrake Linux Corporate Server 2.1
• RedHat Enterprise Linux 2.1 WS
• RedHat Enterprise Linux 2.1 AS
• RedHat Enterprise Linux 2.1 ES
• RedHat Enterprise Linux 2.1 AW
• RedHat Enterprise Linux 3 AS
• RedHat Enterprise Linux 3 WS
• RedHat Enterprise Linux 3 ES
• RedHat Linux 9.0
• RedHat Linux
• RedHat Linux Advanced Workstation 2.1 Itanium
• SCO Caldera OpenLinux Server 3.1.1
• SCO Caldera OpenLinux Workstation 3.1.1
• Trustix Secure Linux 1.5
• Trustix Secure Linux 2.0
• Turbolinux Turbolinux 10 Desktop
• Turbolinux Turbolinux 7 Server
• Turbolinux Turbolinux 7 Workstation
• Turbolinux Turbolinux 8 Server
• Turbolinux Turbolinux 8 Workstation
• Turbolinux Turbolinux Advanced Server 6
• Turbolinux Turbolinux Server 6.1
• Turbolinux Turbolinux Server 6.5
• Turbolinux Turbolinux Workstation 6.0

Reported:

Oct 06, 2003

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page