slocate heap buffer overflow

slocate-heap-bo (13354)

High Risk

Description:

Secure Locate (slocate), when running on Red Hat Linux distributions, is vulnerable to a heap-based buffer overflow. A local attacker could exploit this vulnerability to overflow a buffer and execute arbitrary code on the system and possibly gain slocate group privileges.

Platforms Affected:

• Debian, Debian Linux 3.0
• FedoraProject, Fedora Core 4
• Kevin Lindsay, slocate 2.6
• MandrakeSoft, Mandrake Linux 9.1 PPC
• MandrakeSoft, Mandrake Linux 9.1
• MandrakeSoft, Mandrake Linux 9.2 AMD64
• MandrakeSoft, Mandrake Linux 9.2
• MandrakeSoft, Mandrake Linux Corporate Server 2.1
• MandrakeSoft, Mandrake Linux Corporate Server 2.1 X86_64
• RedHat, Enterprise Linux 2.1 AS
• RedHat, Enterprise Linux 2.1 AW
• RedHat, Enterprise Linux 2.1 WS
• RedHat, Enterprise Linux 2.1 ES
• RedHat, Enterprise Linux 3 WS
• RedHat, Enterprise Linux 3 ES
• RedHat, Enterprise Linux 3 AS
• RedHat, Linux 9.0
• RedHat, Linux
• RedHat, Linux Advanced Workstation 2.1 Itanium
• SCO, Caldera OpenLinux Server 3.1.1
• SCO, Caldera OpenLinux Workstation 3.1.1
• Trustix, Secure Linux 1.5
• Trustix, Secure Linux 2.0
• Turbolinux, Turbolinux 10 Desktop
• Turbolinux, Turbolinux 7 Server
• Turbolinux, Turbolinux 7 Workstation
• Turbolinux, Turbolinux 8 Server
• Turbolinux, Turbolinux 8 Workstation
• Turbolinux, Turbolinux Advanced Server 6
• Turbolinux, Turbolinux Server 6.1
• Turbolinux, Turbolinux Server 6.5
• Turbolinux, Turbolinux Workstation 6.0

Remedy:

Upgrade to the latest version of slocate (2.7 or later), available from the slocate Web page. See References.

For Debian GNU/Linux 3.0 (alias woody):
Upgrade to the latest slocate package (2.6-1.3.2 or later), as listed in DSA 428-1. See References.

For Trustix Secure Linux 1.5 and 2.0:
Upgrade to the latest slocate package (2.7-1tr or later), as listed in Trustix Secure Linux Security Advisory #2004-0005. See References.

For Red Hat Linux 9:
Upgrade to the lastest slocate package (2.7-2 or later), as listed in RHSA-2004:040-02. See References.

For Mandrake Linux:
Upgrade to the latest slocate package, as listed below. Refer to MandrakeSoft Security Advisory MDKSA-2004:004 : slocate for more information. See References.

Mandrake Linux 9.1: 2.7-2.1.91mdk or later
Mandrake Linux 9.2: 2.7-2.1.92mdk or later
Mandrake Linux Corporate Server 2.1: 2.7-2.1.C21mdk or later

For Fedora Core:
Upgrade to the latest slocate package, as listed below. Refer to Fedora Security Update Notification FEDORA-20043-059 for more information. See References.

Fedora Core 4: 2.7-4 or later

For Red Hat Linux:
Upgrade to the latest slocate package, as listed below. Refer to RHSA-2004:041-06 for more information. See References.

Red Hat Enterprise Linux AS (v. 2.1), ES (v. 2.1), WS (v. 2.1), and Advanced Workstation for the Itanium Processor: 2.7-1 or later
Red Hat Enterprise Linux AS (v. 3), ES (v. 3), and WS (v. 3): 2.7-3 or later

For Caldera OpenLinux 3.1.1 Server and Workstation:
Upgrade to the latest slocate package, as listed below. Refer to SCO Security Advisory CSSA-2004-001.0 for more information. See References.

Caldera OpenLinux 3.1.1 Server and Workstation: 2.7-1 or later

For Turbolinux:
Upgrade to the latest slocate package (2.7-5 or later), as listed in Turbolinux Security Advisory TLSA-2004-6. See References.

For other distributions:
Contact your vendor for upgrade or patch information.

Consequences:

Gain Privileges

References:

• BugTraq Mailing List, Mon Oct 06 2003 - 13:10:47 CDT, SA-20031006 slocate vulnerability at http://archives.neohapsis.com/archives/bugtraq/2003-10/0084.html.
• DSA 428-1, slocate at http://www.debian.org/security/2004/dsa-428.
• Fedora Security Update Notification FEDORA-2004-059, slocate at http://lists.seifried.org/pipermail/security/2004-January/001127.html.
• SCO Security Advisory CSSA-2004-001.0, OpenLinux: slocate local user buffer overflow at http://www.securityfocus.com/advisories/6312.
• SecuriTeam Mailing List, UNIX focus 13 Oct 2003, slocate Buffer Overflow (-i, -d, Exploit) at http://www.securiteam.com/unixfocus/6R00G0U8KQ.html.
• slocate Web site, Secure Locate at http://www.geekreview.org/slocate/.
• Trustix Secure Linux Security Advisory #2004-0005, slocate at http://www.linuxsecurity.com/content/view/105676/109/. (From LinuxSecurity archive)
• BID-8780: SLocate User-Supplied Database Heap Overflow Vulnerability
• BID-8790: LTrace Local Command Line Parameter Heap Overflow Vulnerability
• CVE-2003-0848: Heap-based buffer overflow in main.c of slocate 2.6, and possibly other versions, may allow local users to gain privileges via a modified slocate database that causes a negative pathlen value to be used.
• DSA-428: slocate -- buffer overflow
• MDKSA-2004:004: Updated slocate packages fix vulnerability
• RHSA-2004-040: Updated slocate packages fix vulnerability
• RHSA-2004-041: slocate security update
• SA9962: slocate User Database Privilege Escalation Vulnerability

Reported:

Oct 06, 2003

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

Copyright (c) 1994-2008 Internet Security Systems, Inc. All rights reserved worldwide.

For corrections or additions please email xforce@iss.net

Return to the main page