aru Posted January 23, 2004 Report Share Posted January 23, 2004 MandrakeSoft Security Advisory MDKSA-2004:004 : slocate January 23rd, 2004 Updated slocate packages fix vulnerability A vulnerability was discovered by Patrik Hornik in slocate versions up to and including 2.7 where a carefully crafted database could overflow a heap-based buffer. This could be exploited by a local user to gain privileges of the 'slocate' group. The updated packages contain a patch from Kevin Lindsay that causes slocate to drop privileges before reading a user-supplied database. The released versions of Mandrake GNU/Linux affected are: 9.1 9.2 9.2/AMD64 Corporate Server 2.1 Full information about this advisory, including the updated packages, is available at: www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:004 Other references: http://cve.mitre.org/cgi-bin/cvename.cgi?n...e=CAN-2003-0848 Posted automatically by aru (mdksec2mub v0.0.7) Link to comment Share on other sites More sharing options...
Recommended Posts