This script is Copyright (C) 2004-2014 Tenable Network Security, Inc.
The remote Red Hat host is missing a security update.
Updated slocate packages are now available that fix vulnerabilities
allowing a local user to gain 'slocate' group privileges.
Slocate is a security-enhanced version of locate, designed to find
files on a system via a central database.
Patrik Hornik discovered a vulnerability in Slocate versions up to and
including 2.7 where a carefully crafted database could overflow a
heap-based buffer. A local user could exploit this vulnerability to
gain 'slocate' group privileges and then read the entire slocate
database. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CVE-2003-0848 to this issue.
Users of Slocate should upgrade to these erratum packages, which
contain Slocate version 2.7 with the addition of a patch from Kevin
Lindsay that causes slocate to drop privileges before reading a
For Red Hat Enterprise Linux 2.1 these packages also fix a buffer
overflow that affected unpatched versions of Slocate prior to 2.7.
This vulnerability could also allow a local user to gain 'slocate'
group privileges. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CVE-2003-0056 to this issue.
See also :
Update the affected slocate package.
Risk factor :
High / CVSS Base Score : 7.2
Family: Red Hat Local Security Checks
Nessus Plugin ID: 12457 ()
CVE ID: CVE-2003-0056CVE-2003-0848
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.