Debian 2.2 Potato DSA-005-1 Critical Slocate Local Exploit Advisory
debian
December 16, 2000
Michel Kaempf reported a security problem in slocate on bugtraqwhich was originally discovered by zorgon.
Topics Covered
Summary
Package : slocate
Problem type : local exploit
Debian-specific: no
Michel Kaempf reported a security problem in slocate (a secure version
of locate, a tool to quickly locate files on a filesystem) on bugtraq
which was originally discovered by zorgon. He discovered there was
a bug in the database reading code which made it overwrite a internal
structure with some input. He then showed this could be exploited
to trick slocate into executing arbitrary code by pointing it to a
carefully crafted database.
This has been fixed in version 2.4-2potato1 and we recommend that you
upgrade your slocate package immediately.
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
Debian GNU/Linux 2.2 alias potato
Potato was released for alpha, arm, i386, m68k, powerpc and sparc.
Source archives:
MD5 checksum: 9d15a0e95b501427f697e9031d8e62e8
MD5 checksum: 7effe675baba70e3b30ce41e9d231835
MD5 checksum: 185520e64e7b194b6d448...
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!